Use of a broken or risky cryptographic mode of operation

ID

python.weak_encryption_mode_of_operation

Severity

critical

Resource

Cryptography

Language

Python

Tags

CWE:327, NIST.SP.800-53, OWASP:2021:A2, PCI-DSS:6.5.3, crypto

Description

The use of weak encryption modes of operation, such as ECB, can compromise the confidentiality and integrity of data by allowing patterns to be detected in encrypted data. This is particularly pertinent in applications where secure encryption practices are crucial for protecting sensitive information.

Rationale

Certain encryption modes like Electronic Codebook (ECB) are considered weak because they encrypt identical plaintext blocks into identical ciphertext blocks.

This lack of semantic security may lead to pattern detection or data leakage, or could aid attackers in deciphering the content. Using stronger modes such as Cipher Block Chaining (CBC) or Galois/Counter Mode (GCM) enhances security by introducing an initialization vector (IV) or nonce, ensuring that ciphertext appears random even when plaintexts are identical.

Consider the following Python code:

from Crypto.Cipher import AES

def weak_mode():
    key = b'sixteen byte key'  # sample 16-byte (AES-128) key
    # ECB takes no IV: identical plaintext blocks yield identical ciphertext blocks
    cipher = AES.new(key, AES.MODE_ECB)

Remediation

To remediate the use of weak encryption modes, use secure modes such as CBC or GCM, which require an IV or nonce, thus preventing pattern detection and data leakage. Below is a Python example using AES-128-CBC with a random IV:

from Crypto.Cipher import AES
from Crypto import Random

def secure_mode():
    key = b'sixteen byte key'  # sample 16-byte (AES-128) key
    iv = Random.new().read(AES.block_size)  # fresh random IV for each message
    cipher = AES.new(key, AES.MODE_CBC, iv)

Configuration

The detector has the following configurable parameters:

  • forbiddenModes, which lists the modes that are considered weak and should not be used.
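
A minimal sketch of how a check with a configurable set of forbidden modes can work, added here as an example and not the detector's own implementation: it walks the Python AST and reports cipher constructor calls whose mode argument is in the forbidden set. The names `find_weak_modes` and `DEFAULT_FORBIDDEN_MODES`, and the default value, are assumptions.

```python
import ast

# Assumed default; the page only says that forbiddenModes is configurable.
DEFAULT_FORBIDDEN_MODES = frozenset({"MODE_ECB"})


def _mode_name(node):
    """Return the constant name for `AES.MODE_ECB` or a bare `MODE_ECB`."""
    if isinstance(node, ast.Attribute):
        return node.attr
    return node.id if isinstance(node, ast.Name) else None


def find_weak_modes(source, forbidden_modes=DEFAULT_FORBIDDEN_MODES):
    """Return sorted (line, mode) pairs for each `<cipher>.new(key, mode, ...)`
    call whose mode is listed in forbidden_modes."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.Call)
                and isinstance(node.func, ast.Attribute)
                and node.func.attr == "new"):
            continue
        # The mode is the second positional argument or the `mode=` keyword.
        candidates = [node.args[1]] if len(node.args) > 1 else []
        candidates += [kw.value for kw in node.keywords if kw.arg == "mode"]
        for cand in candidates:
            name = _mode_name(cand)
            if name in forbidden_modes:
                findings.append((node.lineno, name))
    return sorted(findings)


# Constructed sample input, modelled on the snippets above.
SAMPLE = '''\
from Crypto.Cipher import AES
from Crypto import Random

key = Random.new().read(16)
iv = Random.new().read(AES.block_size)
bad = AES.new(key, AES.MODE_ECB)
also_bad = AES.new(key, mode=AES.MODE_ECB)
good = AES.new(key, AES.MODE_CBC, iv)
'''

if __name__ == "__main__":
    for line, mode in find_weak_modes(SAMPLE):
        print(f"line {line}: forbidden mode {mode}")
```

A mode passed through a variable or an aliased constant is not resolved by this sketch, so it only catches modes named directly at the call site.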

References

  • CWE-327: Use of a Broken or Risky Cryptographic Algorithm.