Use of a broken or risky cryptographic algorithm
ID |
python.weak_encryption_algorithm |
Severity |
critical |
Resource |
Cryptography |
Language |
Python |
Tags |
CWE:327, NIST.SP.800-53, OWASP:2021:A2, PCI-DSS:6.5.3, crypto |
Description
Weak encryption algorithm vulnerabilities occur when outdated or insufficiently secure cryptographic algorithms are used, potentially leading to data compromise.
Encryption algorithms like DES, Triple-DES and RC2 are nowadays too weak for cryptographic usage, in particular for ensuring information confidentiality.
Rationale
Encryption algorithms are crucial for ensuring the confidentiality of sensitive data during transmission and storage. However, some algorithms that were secure in the past are now considered vulnerable due to advances in computational power and cryptanalysis techniques.
Two examples are:
-
Triple-DES, now considered a modest improvement over the obsolete and broken DES. It is slower and shorter in key length compared to more secure algorithms.
-
IDEA (International Data Encryption Algorithm). While stronger than DES, IDEA has limited key length and is not as widely supported or vetted as AES for modern use cases.
Instead, more modern algorithms like AES should be used, with key length chosen according to the sensitivity of the date or the time in the future that the data needs to be protected.
Other considerations, such as the use of an appropriate cipher mode and, above all, proper key management, should also be taken into account when using encryption libraries.
Consider the following Python code:
from Crypto.Cipher import DES
from Crypto import Random
key = b'1234567890'
iv = Random.new().read(DES.block_size)
cipher = DES.new(key, DES.MODE_CBC, iv) # FLAW
plaintext = b'this.is.not.the.way'
msg = iv + cipher.encrypt(plaintext)Remediation
To enhance the security of your symmetric encryption practices in applications, adhere to the following recommendations:
1. Use AES: Adopt AES (Advanced Encryption Standard) as it offers strong encryption capabilities with flexible key lengths (128, 192, or 256 bits) and is widely accepted as a robust standard for secure encryption. Only go to other algorithms if necessary. Albeit there are other symmetric ciphers that could be used for special applications, AES is in general the best choice. Alternatives considered robust are ChaCha20-Poly1305, TwoFish, Serpent, or even ASCON for resource-constrained devices.
2. Proper Key Lengths and Modes: For AES, use key lengths of at least 128-bits, and prefer modes like GCM (Galois/Counter Mode) or at least CBC (Cipher Block Chaining) with adequate padding and initialization vectors to enhance security.
3. Up-to-date Libraries: Utilize well-maintained libraries to implement encryption, ensuring your code benefits from the latest security updates and best practices.
4. Regular Security Reviews: Continuously assess and update encryption practices to adapt to new cryptographic research and potential vulnerabilities in existing standards.
Configuration
The detector has the following configurable parameters:
-
allowedAlgorithms, that indicates the algorithms that are allowed to be used. -
forbiddenAlgorithms, that indicates the algorithms that are considered weak and that should not be used.
References
-
CWE-327 : Use of a Broken or Risky Cryptographic Algorithm.
-
How to choose an Authenticated Encryption mode, for an overview on the different authenticated encryption modes.
-
OWASP - Top 10 2021 Category A02:2021 : Cryptographic Failures.