Use of a broken or risky cryptographic algorithm
Description
The DES algorithm has not been recommended for over 15 years, and NIST withdrew its standard (FIPS 46-3) in 2005. Use an algorithm that also provides message integrity instead, such as `XChaCha20Poly1305` or `AES-256-GCM`.
Examples
Insecure Code
```go
import "crypto/des"
```
Secure Code
```go
import "golang.org/x/crypto/chacha20poly1305"
```
Remediation
Replace the DES algorithm with a secure alternative like `XChaCha20Poly1305` or `AES-256-GCM`.
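The replacement is more than an import swap, because an AEAD needs a unique nonce per message and a tag check on decryption. The following is an added example, not code from this rule or its project, using the standard library's `AES-256-GCM`; the helper names `newGCM`, `seal` and `open` and the sample message are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// newGCM returns an AES-256-GCM AEAD and rejects any key that is not 32 bytes.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil || len(key) != 32 {
		return nil, fmt.Errorf("AES-256 needs a 32-byte key, got %d bytes", len(key))
	}
	return cipher.NewGCM(block)
}

// seal returns nonce || ciphertext || tag; aad is authenticated but not encrypted.
func seal(aead cipher.AEAD, plaintext, aad []byte) []byte {
	nonce := make([]byte, aead.NonceSize()) // fresh random nonce for every message
	if _, err := rand.Read(nonce); err != nil {
		panic(err) // no safe way to continue without randomness
	}
	return aead.Seal(nonce, nonce, plaintext, aad)
}

// open checks the authentication tag first and fails on any modification.
func open(aead cipher.AEAD, sealed, aad []byte) ([]byte, error) {
	n := aead.NonceSize()
	if len(sealed) < n+aead.Overhead() {
		return nil, fmt.Errorf("sealed message too short: %d bytes", len(sealed))
	}
	return aead.Open(nil, sealed[:n], sealed[n:], aad)
}

func main() {
	key := make([]byte, 32) // throwaway random key for this demo
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	aead, err := newGCM(key)
	if err != nil {
		panic(err)
	}
	sealed := seal(aead, []byte("constructed sample message"), nil)
	sealed[len(sealed)-1] ^= 1 // simulate tampering with the stored ciphertext
	_, err = open(aead, sealed, nil)
	fmt.Println("tampered message rejected:", err != nil)
}
```

Data already encrypted with DES has to be decrypted with the old key and re-sealed; the 8-byte DES key cannot be reused here, which `newGCM` enforces.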
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0771 |
| Category | Crypto |
| Severity | MEDIUM |
| CWE | CWE-327 |
| Confidence | HIGH |
| Impact | MEDIUM |
| Likelihood | MEDIUM |
| Exploitability | EASY |
| Tags | cryptography, security |
| OWASP | A3:2017-Sensitive Data Exposure, A02:2021-Cryptographic Failures |