Insecure support of setting PBE less then 1000 iteration count #263
Description
Hi, we are a research group to help developers build secure applications. We designed a cryptographic misuse detector on this language(Our main concern is the secure implementation and use of Json Web Token). We found your great public repository and several security issues detected by our detector are shown in the following.
We found it is supported to set iteration count toward setting header parameter “p2c”,when using PBE algorithm to generate JWE. And the library does not check the count of iterations, so users may set the number of iterations to be less than 1000.
var headers = new Dictionary<string, object> { { "p2c", 100 }, {"p2s","secret" } }; string token = Jose.JWT.Encode(payload, "secret", JweAlgorithm.PBES2_HS256_A128KW, JweEncryption.A256CBC_HS512, extraHeaders: headers);
We think that the library need also limit the number of iterations specified by the user, and not allow to set the iteration count less than 1000. Because some inexperienced developers may set an insecure iteration count.