Commit 95116ee

Update recommendations
1 parent 5c99c8c commit 95116ee

1 file changed

+2
-2
lines changed

java/ql/lib/semmle/code/java/security/Encryption.qll

Lines changed: 2 additions & 2 deletions
@@ -219,11 +219,11 @@ predicate insecureAlgorithm(string name, string reason) {
219219
or
220220
name = "ECB" and
221221
reason =
222-
"Encryption mode ECB like AES/ECB/NoPadding is vulnerable to replay and other attacks. Use a different encryption mode."
222+
"Encryption mode ECB like AES/ECB/NoPadding is vulnerable to replay and other attacks. Consider using a different encryption mode, like CBC or GCM, instead."
223223
or
224224
name = "AES/CBC/PKCS[57]Padding" and
225225
reason =
226-
"CBC mode of operation with PKCS#5 or PKCS#7 padding is vulnerable to padding oracle attacks. Consider using AES instead."
226+
"CBC mode of operation with PKCS#5 or PKCS#7 padding is vulnerable to padding oracle attacks. Consider using GCM encryption mode instead."
227227
}
228228

229229
/**
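Review bot: The new ECB reason string recommends "CBC or GCM", but the next disjunct of the same `insecureAlgorithm` predicate flags `AES/CBC/PKCS[57]Padding` as vulnerable to padding oracle attacks and points to GCM. A developer who follows the ECB advice and switches to CBC with PKCS#5 or PKCS#7 padding will land directly on that second alert. Suggest dropping CBC from the ECB message so that both reasons point to GCM, or qualifying the CBC suggestion so it does not contradict the following case. The two strings also phrase the recommendation differently ("a different encryption mode, like CBC or GCM" versus "GCM encryption mode"); aligning the wording would make the alerts read consistently. Replacing "Consider using AES instead" in the CBC reason is right, since the flagged transformation is already AES.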
