This page is not yet available in Spanish. We are working on its translation.
If you have any questions or feedback about our current translation project, feel free to reach out to us!

Metadata

ID: csharp-security/predictable-iv

Language: C#

Severity: Warning

Category: Security

CWE: 329

Description

In security, initialization vectors must change and not be static. Avoid fixed initialization vectors and always use dynamic values.

Learn More

Non-Compliant Code Examples

using System.IO;
using System.Security.Cryptography;

class MyClass {
    public void Encrypt(byte[] key, byte[] dataToEncrypt, MemoryStream target)
    {
        var acsp = new AesCryptoServiceProvider();

        byte[] iv     = new byte[] {};
        var encryptor = acsp.CreateEncryptor(key, iv);
    }
}

Compliant Code Examples

using System.IO;
using System.Security.Cryptography;

class MyClass {
    public void Encrypt(byte[] key, byte[] dataToEncrypt, MemoryStream target)
    {
        var acsp = new AesCryptoServiceProvider();
        var encryptor = acsp.CreateEncryptor(key, acsp.IV);
    }
}
https://static.datadoghq.com/static/images/logos/github_avatar.svg https://static.datadoghq.com/static/images/logos/vscode_avatar.svg jetbrains

Seamless integrations. Try Datadog Code Analysis

PREVIEWING: safchain/fix-custom-agent