Hello! I'm new to DataX and when I was browsing the code I found some potential cryptographic risks.
DES and 3DES used
DES is used here and 3DES is used here. Both DES and 3DES are considered insecure. Is it for compacity?
private final static String DES = "DES";
public static final String KEY_ALGORITHM_3DES = "DESede";
Hardcoded key with an empty string
The key is hardcoded here. I know this empty string is a default key and will only be available when the key is not provided. But a default key with an empty string is also considered insecure, and generating a random string for the default key may be a better choice.
Hello! I'm new to DataX and when I was browsing the code I found some potential cryptographic risks.
DES and 3DES used DES is used here and 3DES is used here. Both DES and 3DES are considered insecure. Is it for compacity?
Hardcoded key with an empty string The key is hardcoded here. I know this empty string is a default key and will only be available when the key is not provided. But a default key with an empty string is also considered insecure, and generating a random string for the default key may be a better choice.