Vulnerability
DES (Data Encryption Standard) or 3DES should not be used
Description
This rule states that the Data Encryption Standard (DES) or Triple DES (3DES) should not be used in PowerBuilder code. DES and 3DES are outdated encryption algorithms, and are considered to be weak and insecure. It is recommended to use more modern and secure algorithms such as AES or RSA for encryption.
Key Benefits
- Stronger encryption: DES or 3DES should not be used as they are no longer considered secure due to their limited key sizes.
- Increased security: DES or 3DES should not be used as they are outdated and can be easily broken with modern computing power.
- Better compliance: DES or 3DES should not be used as they do not meet current security standards and regulations.
Non-compliant Code Example
loo_Crypt = create oleobject
loo_Crypt.CryptAlgorithm = "des" //Can't use DES
CrypterObject lnv_CrypterObject
lnv_CrypterObject = Create CrypterObject
lblb_encrypt = lnv_CrypterObject.SymmetricEncrypt(DES!, lblb_data, lblb_key, &OperationModeCBC!, lblb_iv, PKCSPadding!) //Can't use DES