Remove DES from SecureStore

openkm / document-management-system

OpenKM is a Open Source Document Management System

https://www.openkm.com/

GNU General Public License v2.0

671 stars 297 forks source link

Remove DES from SecureStore #322

Closed akwick closed 2 years ago

akwick commented 2 years ago

During an empirical study to understand the nature of cryptographic misuses in enterprise-driven projects on GitHub, we randomly inspected a few of the misuses. One of the misuses for which we could confirm as a true positive of the analysis, CogniCryptSAST, is in this project.

com.openkm.util.SecureStore: Use DES as encryption. However, DES is not considered as secure anymore. Industrial tools like SonarSource consider the usage of DES as critical as well.

darkman97i commented 2 years ago

Thanks for the advisor. Really was an old section of code not used, I will remove it.