DRD25. Use constant-time encryption
This rule was developed in part by Aashirya Kaushik and Stephanie Colton at the October 20-22, 2017 OurCS Workshop ( http://www.cs.cmu.edu/ourcs/register.html ).
For more information about this statement, see the About the OurCS Workshop page.
Under Construction
This guideline is under construction.
In this space, describe the overall rule.
Noncompliant Code Example
This noncompliant code example shows an application that ...
TBD
...
Compliant Solution
In this compliant solution ...:
TBD
Exceptions
Risk Assessment
Summary of risk assessment.
Rule | Severity | Likelihood | Detectable | Repairable | Priority | Level |
|---|---|---|---|---|---|---|
DRD25 | No | No |
Automated Detection
Tool | Version | Checker | Description |
|---|---|---|---|
| TBD |
Related Vulnerabilities
Hyperlink black-font text "the CERT website" below, with URL as follows: https://www.kb.cert.org/vulnotes/bymetric?searchview&query=FIELD+KEYWORDS+contains+\<RULE_ID>
In the URL example above, <RULE_ID> should be substituted by this CERT guideline ID (e.g., INT31-C). Then, remove this purple-font paragraph.
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
| CWE | 326: Inadequate Encryption Strength |
| CWE | 182: Collapse of Data into Unsafe Value |
Bibliography
| Genkin 2016 | |
| Cauligi 2017 |