Enhance Cryptographic failures module

[aashpis]

Reordered and added new levels, now 1-11, to the Cryptographic failures module according to issue 523.

Additional methods have been added to PasswordHashingUtils for new levels

EncryptionUtils was created as part of the internal.utility package and contains methods related to encryption.

Descriptions for new levels were added to message.properties

New Level Order:

1. plaintext storage
2. Base64 encoding is not encryption
3. Caesar Cipher
4. Security By Obscurity/Custom logic
5. MD4 Hash
6. MD5 Hash
7. SHA-1 Hash
8. LM Hash
9. Unsalted SHA-256
10. AES with weak key
11. Secure example: Bcrypt

[codecov-commenter]

Codecov Report

❌ Patch coverage is 0.82645% with 120 lines in your changes missing coverage. Please review.
✅ Project coverage is 49.59%. Comparing base (e3e88be) to head (5bf2e7b).
⚠️ Report is 4 commits behind head on master.

Files with missing lines	Patch %	Lines
...icFailures/CryptographicFailuresVulnerability.java	0.00%	60 Missing ⚠️
...sanlabs/internal/utility/PasswordHashingUtils.java	2.85%	34 Missing ⚠️
...rg/sasanlabs/internal/utility/EncryptionUtils.java	0.00%	26 Missing ⚠️

Additional details and impacted files

@@             Coverage Diff              @@
##             master     #596      +/-   ##
============================================
- Coverage     51.21%   49.59%   -1.63%     
- Complexity      465      466       +1     
============================================
  Files            70       71       +1     
  Lines          2718     2809      +91     
  Branches        287      301      +14     
============================================
+ Hits           1392     1393       +1     
- Misses         1195     1285      +90     
  Partials        131      131              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[preetkaran20]

I think we should create a table and insert secrets in the table and let user find it out by looking at the table. The challenge should not say what is the secret like in our case level 1 is showing the password. Look at Authentication Vulnerability, we just want to tell user to find out the secret by looking at database. Example:

[preetkaran20]

This challenge should be that password is stored as plain text, look at database to findout what is the password and crack it.

[preetkaran20]

dont tell it is base64 encoded, let user find it out. The hint should tell it is base64 encoded. i.e.

[preetkaran20]

Dont tell it is caesar cipher in challenge. Challenge is finding out password. Hint should tell it is Caesar cipher

[preetkaran20]

Is it possible to make the secrets little more complex ?

[preetkaran20]

make it a bit complex

[preetkaran20]

This is great !!! we need challenge for user.

[preetkaran20]

great !!!

[preetkaran20]

make secret really strong in this case.

[preetkaran20]

Each level password should be different from other levels.

[preetkaran20]

Should be CHALLENGE not SECURE

[preetkaran20]

make it little complex secret

[preetkaran20]

add few numbers too as that adds complexity.

[preetkaran20]

we should not return secret.

[preetkaran20]

Secret should not be told to user on failure.

[preetkaran20]

make this passwrod random generated on each run as this is very secure and we want to tell that no one can guess this.

[preetkaran20]

Just tell it is incorrect. let user user hint section to find out that base64 is used.

[preetkaran20]

dont tell the shift size. let user find it out using hint. just tell that the password is incorrect.

[preetkaran20]

This is good hiding. Api should return just this.

[preetkaran20]

great !!!! telling guessHash is good as user gets some information using this.

[preetkaran20]

Overall PR looks great. Just some small comments.