Broken Cryptography
Broken Cryptography occurs when a developer uses encryption in an application but applies it improperly or without understanding it, so that an attacker can reverse the encryption and recover the plaintext. It can result from:
- Poor Key Management Process
If the developer stores the key in the same readable directory as the encrypted content, an attacker can take the key and decrypt the content. Avoid hardcoded keys or passwords in the binary or source code; keys may be intercepted via binary attacks.
- Creating Custom Encryption Protocols
There is no easier way to mishandle encryption, mobile or otherwise, than to try to create and use your own encryption algorithms or protocols.
- Use of Insecure and/or Deprecated Algorithms
Many cryptographic algorithms and protocols should not be used because they have been shown to have significant weaknesses or are otherwise insufficient for modern security requirements. These include:
  - RC2
  - MD4
  - MD5
  - SHA1
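
As a review aid for the key-management and deprecated-algorithm points above, the following added example (not part of the original page) scans Java source text for JCA `getInstance` calls that name one of the listed algorithms and for keys or passwords given as string literals. The sample lines, rule names and regular expressions are constructed for illustration and are assumptions, not an exhaustive detector.

```python
import re

# Algorithms the page lists as insecure or deprecated.
DEPRECATED = ("RC2", "MD4", "MD5", "SHA1")

# Java JCA factory calls whose first argument names the algorithm.
GET_INSTANCE = re.compile(
    r'\b(?:Cipher|MessageDigest|Mac|Signature|KeyGenerator)'
    r'\.getInstance\(\s*"([^"]+)"')
# Key built from a string literal: new SecretKeySpec("...".getBytes(), ...)
LITERAL_KEY = re.compile(r'new\s+SecretKeySpec\(\s*"[^"]*"\s*\.getBytes')
# String literal assigned to a name that suggests a key or password.
NAMED_SECRET = re.compile(
    r'(?i)\b\w*(?:key|passw(?:or)?d|secret)\w*\s*=\s*"[^"]+"')

# Constructed Java lines for the demonstration (not taken from a real app).
SAMPLE = '''\
MessageDigest md = MessageDigest.getInstance("MD5");
MessageDigest ok = MessageDigest.getInstance("SHA-256");
Cipher c = Cipher.getInstance("RC2/CBC/PKCS5Padding");
Signature s = Signature.getInstance("SHA1withRSA");
private static final String API_KEY = "constructed-example-value";
SecretKeySpec k = new SecretKeySpec("0123456789abcdef".getBytes(), "AES");
Key fromStore = keyStore.getKey("alias", null);
'''


def deprecated_in(transformation):
    """Return the deprecated algorithm named in a JCA string, or None."""
    # Normalize so "SHA-1", "sha1" and "SHA1withRSA" all contain "SHA1".
    norm = transformation.upper().replace("-", "")
    return next((alg for alg in DEPRECATED if alg in norm), None)


def scan(source):
    """Return (line_number, rule, detail) findings for Java source text."""
    findings = []
    for no, line in enumerate(source.splitlines(), start=1):
        for match in GET_INSTANCE.finditer(line):
            alg = deprecated_in(match.group(1))
            if alg:
                findings.append((no, "deprecated-algorithm", alg))
        if LITERAL_KEY.search(line) or NAMED_SECRET.search(line):
            # Report the location only; never echo the secret itself.
            findings.append((no, "hardcoded-key", "string literal as key"))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```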