Swift

Made by DeepSource

Use of an insecure block cipher mode SW-S1003

Security
Critical
CWE-327

ECB (Electronic Codebook) mode encrypts every block independently under the same key, so identical plaintext blocks always produce identical ciphertext blocks: whenever the same plaintext block appears more than once in a message, the same ciphertext block appears in the output, and patterns in the plaintext remain visible in the ciphertext. This behavior makes the encryption vulnerable to certain attacks, such as replay attacks, where an attacker can intercept and replay the encrypted blocks to recreate the original message.

Consider using a secure mode such as Cipher Block Chaining (CBC) instead.

CBC mode XORs the first plaintext block with an initialization vector (IV) before encrypting it, and then chains the blocks: every subsequent plaintext block is XORed with the ciphertext of the previous block before encryption. This introduces an element of randomness, preventing identical plaintext blocks from producing identical ciphertext blocks and mitigating the vulnerability to replay attacks. The protection holds only if the IV is fresh and unpredictable for every message encrypted under a key; an IV reused with the same key lets identical leading blocks be recognised again.

Bad Practice

import CryptoSwift

// `key` and `padding` are assumed to be defined elsewhere.
let blockMode = ECB() // Use of `ECB` is not safe: identical plaintext blocks give identical ciphertext blocks
_ = try AES(key: key, blockMode: blockMode, padding: padding)

Recommended

import CryptoSwift

// `key`, `padding` and `iv` are assumed to be defined elsewhere; `iv` must be a fresh,
// unpredictable 16-byte value for every message (e.g. from AES.randomIV(AES.blockSize)).
let blockMode = CBC(iv: iv) // Chaining mode with an initialization vector
_ = try AES(key: key, blockMode: blockMode, padding: padding)
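The two snippets above, as an added example that is not DeepSource's or CryptoSwift's own code: it encrypts a plaintext made of two identical blocks with ECB and with CBC and runs a simple repeated-block check over each ciphertext, then shows why the CBC IV must not be reused. The key and plaintext are constructed values, and the CryptoSwift names used (AES, ECB, CBC, Padding.noPadding, AES.randomIV, AES.blockSize) are assumed to match the library version installed.

```swift
import CryptoSwift

// Constructed sample inputs (not from the rule page): a 16-byte AES-128 key and a
// plaintext made of two identical 16-byte blocks, the exact case ECB mishandles.
let key: [UInt8] = Array("0123456789abcdef".utf8)
let plaintext: [UInt8] = Array(repeating: 0x41, count: 2 * AES.blockSize)

/// Defender-side check: does a ciphertext contain two identical blocks?
/// ECB output for repeated plaintext blocks always does; a chaining mode used
/// with a fresh IV produces a repeat only with negligible probability.
func hasRepeatedBlocks(_ ciphertext: [UInt8], blockSize: Int = AES.blockSize) -> Bool {
    var seen = Set<[UInt8]>()
    for start in stride(from: 0, to: ciphertext.count, by: blockSize) {
        let end = min(start + blockSize, ciphertext.count)
        if !seen.insert(Array(ciphertext[start..<end])).inserted {
            return true
        }
    }
    return false
}

func demo() throws {
    // Bad practice: ECB, the case SW-S1003 reports. Both ciphertext blocks come out equal.
    let ecb = try AES(key: key, blockMode: ECB(), padding: .noPadding)
    let ecbCiphertext = try ecb.encrypt(plaintext)
    print("ECB repeats blocks:", hasRepeatedBlocks(ecbCiphertext))

    // Recommended: CBC with an IV drawn from a CSPRNG for every message. The
    // first block is XORed with the IV and each later block with the previous
    // ciphertext block, so the two identical plaintext blocks no longer match.
    let iv = AES.randomIV(AES.blockSize)
    let cbc = try AES(key: key, blockMode: CBC(iv: iv), padding: .noPadding)
    let cbcCiphertext = try cbc.encrypt(plaintext)
    print("CBC repeats blocks:", hasRepeatedBlocks(cbcCiphertext))

    // Caveat: the protection depends on the IV. Reusing the same key and IV for a
    // second message makes its first ciphertext block equal whenever the first
    // plaintext block is equal, which is the ECB weakness reappearing at block 1.
    let reused = try AES(key: key, blockMode: CBC(iv: iv), padding: .noPadding)
    let secondCiphertext = try reused.encrypt(plaintext)
    print("Same key and IV, equal first block:",
          Array(cbcCiphertext[0..<AES.blockSize]) == Array(secondCiphertext[0..<AES.blockSize]))

    // The IV is not secret; send it alongside the ciphertext so the receiver can decrypt.
    let wireFormat = iv + cbcCiphertext
    print("Transmitted bytes:", wireFormat.count)
}

try demo()
```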