The use of a hard-coded cryptographic key significantly
increases the possibility that encrypted data may be
recovered.
Time of Introduction
Architecture and Design
Applicable Platforms
Languages
All
Common Consequences
Scope
Effect
Authentication
If hard-coded cryptographic keys are used, it is almost certain that
malicious users will gain access through the account in question.
Likelihood of Exploit
High
Demonstrative Examples
Example 1
The following code examples attempt to verify a password using a
hard-coded cryptographic key. The cryptographic key is within a hard-coded
string value that is compared to the password and a true or false value is
returned for verification that the password is equivalent to the hard-coded
cryptographic key.
(Bad Code)
C and C++
int VerifyAdmin(char *password) {
if (strcmp(password,"68af404b513073584c4b6f22b6c63e6b"))
{
printf("Incorrect Password!\n");
return(0);
}
printf("Entering Diagnostic Mode...\n");
return(1);
}
(Bad Code)
Java
public boolean VerifyAdmin(String password) {
if (password.equals("68af404b513073584c4b6f22b6c63e6b"))
{
if (password.Equals("68af404b513073584c4b6f22b6c63e6b"))
{
Console.WriteLine("Entering Diagnostic Mode...");
return(1);
}
Console.WriteLine("Incorrect Password!");
return(0);
}
Potential Mitigations
Phase
Description
Architecture and Design
Prevention schemes mirror that of hard-coded password storage.
Other Notes
The main difference between the use of hard-coded passwords and the use of
hard-coded cryptographic keys is the false sense of security that the former
conveys. Many people believe that simply hashing a hard-coded password
before storage will protect the information from malicious users. However,
many hashes are reversible (or at least vulnerable to brute force attacks)
-- and further, many authentication protocols simply request the hash
itself, making it no better than a password.
Description
