Use of a broken or risky cryptographic algorithm
ID | javascript.weak_encryption_algorithm
Severity | critical
Resource | Cryptography
Language | JavaScript
Tags | CWE:327, NIST.SP.800-53, OWASP:2021:A2, PCI-DSS:6.5.3, crypto
Description
Weak encryption algorithm vulnerabilities occur when outdated or insufficiently secure cryptographic algorithms are used, potentially leading to data compromise.
Encryption algorithms like DES, Triple-DES and RC2 are nowadays too weak for cryptographic usage, in particular for ensuring information confidentiality.
Rationale
Encryption algorithms are crucial for ensuring the confidentiality of sensitive data during transmission and storage. However, some algorithms that were secure in the past are now considered vulnerable due to advances in computational power and cryptanalysis techniques.
Two examples are:
- Triple-DES, now considered a modest improvement over the obsolete and broken DES. It is slower and has a shorter key length than more secure algorithms.
- IDEA (International Data Encryption Algorithm). While stronger than DES, IDEA has limited key length and is not as widely supported or vetted as AES for modern use cases.
Instead, more modern algorithms like AES should be used, with the key length chosen according to the sensitivity of the data and how far into the future the data needs to remain protected.
Other considerations, such as the use of an appropriate cipher mode and, above all, proper key management, should also be taken into account when using encryption libraries.
var crypto = require('crypto');
var keymgr = require('my_key_management');
// Warning: bad key management makes crypto theory irrelevant...
var key = keymgr.loadKey();
var data = {};
// Keep the IV as a Buffer: converting random bytes to a 'utf8' string corrupts them
data.iv = crypto.randomBytes(8);
// FLAW - DES is broken !
var cipher = crypto.createCipheriv('des-cbc', key, data.iv);
// text holds the plaintext to encrypt (defined elsewhere)
data.ciphertext = cipher.update(text, 'utf8', 'hex');
data.ciphertext += cipher.final('hex');
Remediation
To remediate this vulnerability, cryptographic keys should be managed securely and never hardcoded in source code. Instead, use environment variables, configuration files, or dedicated secrets management services that provide secure storage and retrieval of sensitive data.
An alternative is to perform cryptographic operations using an external, managed service. Known as Key Management Services (KMS), they provide different features including key generation and storage, key rotation and lifecycle management, encryption / decryption and other cryptographic operations like digital signatures, key wrapping, secure random number generation, etc.
The following example fixes the flawed encryption with AES, using 256 bits of key length, and Galois Counter Mode (GCM) as the cipher mode:
// Warning: bad key management makes crypto theory irrelevant...
key = keymgr.loadKey();
// for decryption with authentication modes, cipher-text, iv, and tag should be passed
data = {};
// 12 bytes (96 bits) is the recommended IV size for GCM; keep it as a Buffer,
// since converting random bytes to a 'utf8' string corrupts them
data.iv = crypto.randomBytes(12);
cipher = crypto.createCipheriv('aes-256-gcm', key, data.iv);
data.ciphertext = cipher.update(text, 'utf8', 'hex');
data.ciphertext += cipher.final('hex');
// the tag is only available after final() has been called
data.tag = cipher.getAuthTag();
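The comment in the fix above notes that decryption needs the ciphertext, IV and tag. The following added example (not part of the original rule documentation) shows the full AES-256-GCM round trip and that modified input is rejected; the function names, the associated-data value and the throwaway random key standing in for keymgr.loadKey() are assumptions.

```javascript
const crypto = require('crypto');

const IV_LEN = 12;   // 96-bit IV, the recommended size for GCM
const TAG_LEN = 16;  // full 128-bit authentication tag

// Encrypt and return the three values the receiver needs besides the key.
function encryptGcm(key, plaintext, aad) {
  const iv = crypto.randomBytes(IV_LEN); // must never repeat under the same key
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  if (aad) cipher.setAAD(aad);           // authenticated but not encrypted
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { iv, ciphertext, tag: cipher.getAuthTag() };
}

// Decrypt; throws if the key, IV, ciphertext, AAD or tag does not match.
function decryptGcm(key, msg, aad) {
  // Reject truncated tags and unexpected IV sizes before touching the cipher.
  if (msg.iv.length !== IV_LEN || msg.tag.length !== TAG_LEN) {
    throw new Error('malformed GCM message');
  }
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, msg.iv,
                                           { authTagLength: TAG_LEN });
  decipher.setAuthTag(msg.tag);
  if (aad) decipher.setAAD(aad);
  // final() verifies the tag; nothing is returned unless it succeeds.
  const plain = Buffer.concat([decipher.update(msg.ciphertext), decipher.final()]);
  return plain.toString('utf8');
}

// Returns the plaintext, or null when authentication fails.
function tryDecrypt(key, msg, aad) {
  try { return decryptGcm(key, msg, aad); } catch (e) { return null; }
}

// Constructed demo values: a throwaway random key stands in for keymgr.loadKey().
function demo() {
  const key = crypto.randomBytes(32);
  const aad = Buffer.from('record-id:42');
  const msg = encryptGcm(key, 'account=12345', aad);
  const flipped = { ...msg, ciphertext: Buffer.from(msg.ciphertext) };
  flipped.ciphertext[0] ^= 0x01; // single-bit change in storage or transit
  return {
    roundTrip: tryDecrypt(key, msg, aad),
    tampered: tryDecrypt(key, flipped, aad),
    wrongAad: tryDecrypt(key, msg, Buffer.from('record-id:43')),
    shortTag: tryDecrypt(key, { ...msg, tag: msg.tag.subarray(0, 4) }, aad),
  };
}
```

Store the IV and tag alongside the ciphertext (for example hex- or base64-encoded); neither is secret, but both are required to decrypt.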
Configuration
The detector has the following configurable parameters:
- allowedAlgorithms, that indicates the algorithms that are allowed to be used.
- forbiddenAlgorithms, that indicates the algorithms that are considered weak and that should not be used.
References
- CWE-327: Use of a Broken or Risky Cryptographic Algorithm.
- How to choose an Authenticated Encryption mode, for an overview on the different authenticated encryption modes.
- OWASP - Top 10 2021 Category A02:2021: Cryptographic Failures.