In some Java code that I'm reading, I stumbled over the following encryption algorithms passed to the Cipher.getInstance(...) method:
- AES/CBC/PKCS5Padding
- DESede/ECB/PKCS5Padding
- RSA/ECB/PKCS1Padding
Note: In the Java model, the first substring represents the cipher, the second the mode of operation, and the third the padding scheme.
Now, I believe that ECB is generally insecure (independently of the used cipher / padding scheme), because it preserves the structure of the plaintext.
In addition, I also read that CBC can be insecure, depending on the implementation. More precisely, if the implementation is written in such a way that it is revealed whether some given ciphertext was correctly padded or not, then this can be exploited to decrypt encrypted messages. In the case of Java, the problem is that different platforms / Java implementations / crypto providers are available, so it's hard to tell in general whether using CBC as a mode of operation is fine.
That leads me to think that all three of the above algorithms are potentially insecure. But perhaps I'm overestimating the problems of ECB / CBC, and they can be used in a secure way?
Hence the question: Can/Should the above algorithms be considered as secure or not, and why?
Update: To provide some more context, the code I'm referring to is the OWASP Benchmark. This benchmark consists of thousands of test cases, some of which intentionally contain actual vulnerabilities, while others intentionally contain "fake" vulnerabilities (i.e., code that looks like it might be vulnerable but actually isn't). Some of the test cases labeled as "fake vulnerabilities" encrypt some text using one of the three algorithms mentioned above. Since OWASP considers these as "fake vulnerabilities", that implies that OWASP considers these algorithms as safe, which surprised me. I'm wondering whether OWASP is right in considering these algorithms as safe, or whether these test cases in the OWASP Benchmark really ought to be labeled as "actual vulnerabilities" rather than "fake vulnerabilities".
An example of such a "fake vulnerability" test case in the OWASP Benchmark is the test case 54, which encrypts some data using AES/CBC/PKCS5Padding, but is labeled as not being vulnerable to CWE 327: Use of a Broken or Risky Cryptographic Algorithm.