CA5358: Do Not Use Unsafe Cipher Modes
| Property | Value |
|---|---|
| Rule ID | CA5358 |
| Title | Do Not Use Unsafe Cipher Modes |
| Category | Security |
| Fix is breaking or non-breaking | Non-breaking |
| Enabled by default in .NET 8 | No |
Cause
Use of one of the following unsafe encryption modes that is not approved:
- System.Security.Cryptography.CipherMode.ECB
- System.Security.Cryptography.CipherMode.OFB
- System.Security.Cryptography.CipherMode.CFB
Rule description
These modes are vulnerable to attacks and may cause exposure of sensitive information. For example, using ECB to encrypt a plaintext block always produces a same cipher text, so it can easily tell if two encrypted messages are identical. Using approved modes can avoid these unnecessary risks.
How to fix violations
- Use only approved modes (System.Security.Cryptography.CipherMode.CBC, System.Security.Cryptography.CipherMode.CTS).
When to suppress warnings
It's safe to suppress a warning from this rule if:
- Cryptography experts have reviewed and approved the cipher mode's usage.
- The referenced CipherMode isn't used for a cryptographic operation.
Suppress a warning
If you just want to suppress a single violation, add preprocessor directives to your source file to disable and then re-enable the rule.
#pragma warning disable CA5358
// The code that's violating the rule is on this line.
#pragma warning restore CA5358
To disable the rule for a file, folder, or project, set its severity to none in the configuration file.
[*.{cs,vb}]
dotnet_diagnostic.CA5358.severity = none
For more information, see How to suppress code analysis warnings.
Pseudo-code examples
Assign ECB to Mode property
using System.Security.Cryptography;
class ExampleClass {
private static void ExampleMethod () {
RijndaelManaged rijn = new RijndaelManaged
{
Mode = CipherMode.ECB
};
}
}
Using the value ECB
using System;
using System.Security.Cryptography;
class ExampleClass
{
private static void ExampleMethod()
{
Console.WriteLine(CipherMode.ECB);
}
}
Solution
using System.Security.Cryptography;
class ExampleClass {
private static void ExampleMethod () {
RijndaelManaged rijn = new RijndaelManaged
{
Mode = CipherMode.CBC
};
}
}
Cộng tác với chúng tôi trên GitHub
Bạn có thể tìm thấy nguồn cho nội dung này trên GitHub, nơi bạn cũng có thể tạo và xem lại các vấn đề và yêu cầu kéo. Để biết thêm thông tin, hãy xem hướng dẫn dành cho người đóng góp của chúng tôi.
