cordova-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sahil (JIRA)" <>
Subject [jira] [Created] (CB-12447) Inadequate Encryption Strength
Date Fri, 10 Feb 2017 15:04:41 GMT
Sahil created CB-12447:

             Summary: Inadequate Encryption Strength
                 Key: CB-12447
             Project: Apache Cordova
          Issue Type: Bug
            Reporter: Sahil

We are using Cordova for our android hybrid app and following is the result for the VARACODE
static scan 	

Attack Vector: javax.crypto.spec.PBEKeySpec.!operator_javanewinit

Description: This call to javax.crypto.spec.PBEKeySpec.!operator_javanewinit() uses fewer
than 1000 iterations for PBE key generation. RFC 2898 recommends at least 1000 iterations
because a higher iteration count increases the computational cost of a dictionary attack.

Remediation: Use a minimum of 1000 iterations.

This message was sent by Atlassian JIRA

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message