Insufficient Key Size

ID

python.insufficient_key_size

Severity

high

Resource

Predictability

Language

Python

Tags

CWE:326, NIST.SP.800-53, OWASP:2021:A2, PCI-DSS:6.5.3, crypto

Description

Inadequate encryption strength due to insufficient key size.

Rationale

In cryptography, the strength of an encryption scheme is significantly driven by the size of the key. Insufficient key sizes can lead to vulnerabilities that render encrypted data susceptible to exposure through brute-force attacks.

In Python, common cryptography implementations might inadvertently use inadequate key sizes, leading to compromised data confidentiality.

from cryptography.hazmat.primitives.asymmetric import rsa

rsa.generate_private_key(3, # FLAW
                         512,
                         backends.default_backend())

In this example, the RSA key is built with 512 bits that are considered insecure nowadays.

Remediation

To remedy insufficient key size vulnerabilities, developers should adhere to well-established cryptographic standards and ensure that cryptographic keys are of adequate length. Here are some practical steps for Java:

  1. Update your cryptographic algorithms and libraries: Always use up-to-date and secure libraries. Java’s built-in cryptographic libraries, or well-known libraries like Bouncy Castle, should be considered.

  2. Choose adequate key sizes: For example, with AES, opt for a minimum of 128 bits, ideally 256 bits, for symmetric encryption keys.

  3. Review and Refactor: Legacy systems often contain outdated encryption; perform a security review to identify areas where cryptography needs strengthening.

  4. Stay Informed: Cryptographic standards evolve. Regularly consult NIST and similar organizations’ guidelines to ensure compliance with current best practices.

Through comprehensive auditing and adherence to these guidelines, an organization can significantly reduce the risk posed by insufficient cryptographic key sizes.

Configuration

The rule has the following configurable parameters:

  • minKeySize, that indicates the minimum key size allowed for each algorithm.

  • allowedEllipticCurves, that indicates the elliptic curves allowed for ECDH or ECDSA schemes.

properties:
  minKeySize:
    - AES/128 # Advanced Encryption Standard, block cipher
    - CMAC/128 # Block Cipher Message Authentication Code
    - DiffieHellman/2048 # Diffie-Hellman key agreement
    - DSA/2048 # Digital Signature Standard (DSA)
    - ECDH/256 # Elliptic Curve Diffie-Hellman key agreement
    - ECDSA/256 # Elliptic Curve DSA
    - HMAC/128 # Hash-based Message Authentication Code
    - RSA/2048 # RSA

  # Elliptic curves allowed for ECDH or ECDSA schemes
  allowedEllipticCurves: [
    Curve1174, Curve25519, Curve41417,
    P-256, secp256r1, secp256k1,
    P-384, secp384r1,
    brainpoolP256t1, brainpoolP384t1
  ]

References