libressl / openbsd

Source code pulled from OpenBSD for LibreSSL - this includes most of the library and supporting code. The place to contribute to this code is via the OpenBSD CVS tree. Please mail patches to tech@openbsd.org, instead of submitting pull requests, since this tree is often rebased.

CWE-327 #93

Closed: RootUp closed 6 years ago

RootUp commented 6 years ago

Hi Team,

This issue was observed while doing source code analysis:

https://github.com/libressl-portable/openbsd/blob/master/src/lib/libcrypto/evp/e_old.c#L83

DES only supports a 56-bit keysize, which is too small given today's computers (CWE-327).

I think a different patent-free encryption algorithm with a larger keysize, such as 3DES or AES, should be used.

Request the team to have a look.

Cheers!

4a6f656c commented 6 years ago

What is it exactly, that you think this code actually does?

RootUp commented 6 years ago

My bad, I just had a look at https://github.com/libressl-portable/openbsd/blob/master/src/lib/libcrypto/evp/e_old.c#L135 and below. Closing this issue.