TICS Coding Standard Viewer 
TIOBE Software Quality Framework
©TIOBE Software www.tiobe.com
 
TIOBE - Java Coding Standard

Rule: Security2
Checked automatically with code checker

Synopsis: Do not use a hard-coded initialization vector in cryptographic operations
Language: Java
Severity Level: 3
Category: SecurityCodeGuidelines


Description:

Do not use a hard-coded initialization vector (IV) in cryptographic operations. Use a randomly generated IV instead.

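import java.security.SecureRandom;

public class Foo {
    void good() {
        // Fill the IV with fresh random bytes from a SecureRandom
        SecureRandom random = new SecureRandom();
        byte[] iv = new byte[16];
        random.nextBytes(iv);
    }

    void bad() {
        // Constant all-zero IV written into the source
        byte[] iv = new byte[] { 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, };
    }

    void alsoBad() {
        // An IV taken from a string literal is still hard coded
        byte[] iv = "secret iv in here".getBytes();
    }
}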