M5: 2016 - Insufficient Cryptography

Unofficial Content

Actions by GeneXus

  • GeneXus uses the Android KeyStore to store symmetric keys. The keys are different for every application, and they change even when the user uninstalls and reinstalls the application.
  • The applications use Android primitives and the AES/CBC/PKCS5Padding algorithm.
  • A different key is used for each task (SecureSet, DB encryption, OAuth token encryption).
  • To generate random numbers, GeneXus applications use a secure random function (java.security.SecureRandom on Android).
  • GeneXus allows DB encryption.
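
The practices listed above, sketched as an added example (not GeneXus code): one AES key per task, the AES/CBC/PKCS5Padding transformation, and java.security.SecureRandom. Assumptions: the class name `PerTaskCrypto` is hypothetical, the keys are generated in memory so the code runs on a plain JVM (on Android they would be held in the Android KeyStore), and the layout of a fresh random IV prepended to each ciphertext is this example's choice.

```java
import javax.crypto.*;
import javax.crypto.spec.IvParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.*;

public class PerTaskCrypto {
    private static final String TRANSFORMATION = "AES/CBC/PKCS5Padding";
    private static final int IV_LEN = 16; // AES block size in bytes
    private static final SecureRandom RNG = new SecureRandom();
    private final Map<String, SecretKey> keys = new HashMap<>();

    // Assumption: in-memory keys stand in for keys held in the Android KeyStore.
    public PerTaskCrypto(String... tasks) throws GeneralSecurityException {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256, RNG);
        for (String t : tasks) keys.put(t, kg.generateKey()); // one key per task
    }

    // Output layout: IV (16 bytes) || ciphertext. A fresh IV is drawn on every call.
    public byte[] encrypt(String task, byte[] plain) throws GeneralSecurityException {
        byte[] iv = new byte[IV_LEN];
        RNG.nextBytes(iv);
        Cipher c = Cipher.getInstance(TRANSFORMATION);
        c.init(Cipher.ENCRYPT_MODE, keys.get(task), new IvParameterSpec(iv));
        byte[] ct = c.doFinal(plain);
        byte[] out = Arrays.copyOf(iv, IV_LEN + ct.length);
        System.arraycopy(ct, 0, out, IV_LEN, ct.length);
        return out;
    }

    public byte[] decrypt(String task, byte[] blob) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(TRANSFORMATION);
        c.init(Cipher.DECRYPT_MODE, keys.get(task), new IvParameterSpec(blob, 0, IV_LEN));
        return c.doFinal(blob, IV_LEN, blob.length - IV_LEN);
    }

    public static void main(String[] args) throws Exception {
        PerTaskCrypto pc = new PerTaskCrypto("SecureSet", "DB", "OAuth");
        byte[] token = "constructed-sample-token".getBytes(StandardCharsets.UTF_8);
        byte[] a = pc.encrypt("OAuth", token), b = pc.encrypt("OAuth", token);
        System.out.println("round trip ok: " + Arrays.equals(token, pc.decrypt("OAuth", a)));
        System.out.println("same plaintext, different blobs: " + !Arrays.equals(a, b));
        boolean readable = false; // stays false if the wrong key fails the padding check
        try { readable = Arrays.equals(token, pc.decrypt("DB", a)); }
        catch (GeneralSecurityException e) { /* bad padding under the DB key */ }
        System.out.println("OAuth blob readable with DB key: " + readable);
    }
}
```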