Insecure encryption algorithm (DES)
Description
DES uses a 56-bit key, has been brute-forceable since the late 1990s, and has not been recommended for over 15 years; NIST withdrew FIPS 46-3 in 2005. Consider using libsodium's `crypto_secretbox_easy` authenticated encryption functions instead. If you must be FIPS compliant, use OpenSSL's AES ciphers, preferably in an authenticated mode such as AES-GCM (`EVP_aes_256_gcm`). 3DES is only a stopgap: NIST SP 800-131A Rev. 2 deprecates it and disallows it for new encryption after 2023.
Examples
Insecure Code
```c
/* Flagged: single DES (56-bit key) in ECB mode. ECB also leaks plaintext patterns.
   The argument list is the rule's pattern placeholder, not a real call. */
EVP_des_ecb(...);
```
Secure Code
```c
/* AES-256 in CBC mode. Not flagged by this rule, but CBC on its own is unauthenticated:
   pair it with a MAC or prefer EVP_aes_256_gcm(). */
EVP_aes_256_cbc(...);
```
Remediation
Replace DES with AES (or, as a stopgap only, 3DES), and prefer an authenticated mode: AES-GCM via OpenSSL's `EVP_aes_256_gcm()`, or `crypto_secretbox_easy` from libsodium, both of which detect tampering as well as hiding content. Use a fresh random IV or nonce for every message under a given key.
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0586 |
| Category | Crypto |
| Severity | MEDIUM |
| CWE | CWE-327 |
| Confidence | HIGH |
| Impact | MEDIUM |
| Likelihood | MEDIUM |
| Exploitability | EASY |
| Tags | encryption, DES, AES, 3DES |
| OWASP | A3:2017-Sensitive Data Exposure, A02:2021-Cryptographic Failures |