Open akwick opened 1 year ago
Hi @akwick,
Thank you very much for creating the issue and for your contribution to the project. I've put this in the backlog.
If you also have a chance to send a PR, we'd really appreciate your contribution.
Have a great day
Regards Oguz
Short description
A Diffie-Hellman (DH) base of 2 is used to generate the DHParameterSpec that is later used to call the method generateKeyPair. A small base (g) is considered insecure as the resulting group will be small, e.g., g = 1 results in a group with one element. The BSI technical report BSI-TR-02102-1 includes details in Section 8.2.1, Diffie-Hellman.
(Context: @schlichtig and I manually reviewed randomly sampled JCA usages for a benchmark to identify secure or insecure usages of the API.)
Environment
Steps to reproduce
Expected behavior
Parameters are selected with secure values.
Actual behavior
Parameters are selected with an insecure value.
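
The subgroup-size point raised in this issue, as an added example (not part of the issue or the project's code): a check that could run on a DHParameterSpec before it is passed to generateKeyPair. It only handles safe primes p = 2q + 1; the class name DhParamCheck, the minBits threshold and the toy prime p = 23 are assumptions made for illustration.

```java
import java.math.BigInteger;
import java.util.ArrayList;
import java.util.List;
import javax.crypto.spec.DHParameterSpec;

public class DhParamCheck {
    static final BigInteger ONE = BigInteger.ONE, TWO = BigInteger.valueOf(2);

    /** Order of g in Z_p^* when p = 2q + 1 is a safe prime: one of 1, 2, q, 2q. */
    static BigInteger subgroupOrder(BigInteger p, BigInteger g) {
        BigInteger q = p.subtract(ONE).shiftRight(1);
        g = g.mod(p);
        if (g.equals(ONE)) return ONE;                 // g = 1: group with one element
        if (g.equals(p.subtract(ONE))) return TWO;     // g = -1: group {1, -1}
        return g.modPow(q, p).equals(ONE) ? q : q.multiply(TWO);
    }

    /** Returns findings; an empty list means the spec passed every check. */
    static List<String> check(DHParameterSpec spec, int minBits) {
        List<String> findings = new ArrayList<>();
        BigInteger p = spec.getP(), g = spec.getG().mod(p);
        BigInteger q = p.subtract(ONE).shiftRight(1);
        if (p.bitLength() < minBits) findings.add("modulus shorter than " + minBits + " bits");
        if (!p.isProbablePrime(64) || !q.isProbablePrime(64)) {
            findings.add("p is not a safe prime; subgroup order not checked");
            return findings;
        }
        if (g.signum() == 0) { findings.add("g is 0 mod p"); return findings; }
        BigInteger order = subgroupOrder(p, g);
        if (order.compareTo(q) < 0) findings.add("g generates only " + order + " element(s)");
        return findings;
    }

    public static void main(String[] args) {
        // Constructed toy safe prime p = 23 (q = 11); minBits = 4 only so the toy passes.
        BigInteger p = BigInteger.valueOf(23);
        for (int g : new int[] {1, 22, 2, 5}) {
            DHParameterSpec spec = new DHParameterSpec(p, BigInteger.valueOf(g));
            System.out.println("g=" + g + " order=" + subgroupOrder(p, BigInteger.valueOf(g))
                    + " findings=" + check(spec, 4));
        }
        // With a production-sized threshold the same toy spec is rejected for its modulus length.
        System.out.println(check(new DHParameterSpec(p, TWO), 2048));
    }
}
```

The minBits value should come from the policy being followed, such as the BSI report cited above; the 2048 used in main is a placeholder, not a figure taken from that report.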