Inadequate Encryption Strength
Description
The code uses an insufficient key size for DSA. NIST recommends a key size of 2048 or higher.
Examples
Insecure Code
```scala
KeyPairGenerator.getInstance("RSA").initialize(1024);
```
Secure Code
```scala
KeyPairGenerator.getInstance("RSA").initialize(2048);
```
Remediation
Increase the key size to at least 2048.
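The following is an added example, not part of this rule's own documentation or the scanner's code: a Scala helper that applies the 2048-bit minimum both when generating new keys and when auditing keys already in use, covering RSA and DSA. The names `KeySizePolicy`, `keyBits`, `isCompliant` and `generate` are hypothetical.

```scala
import java.security.{KeyPair, KeyPairGenerator, PublicKey}
import java.security.interfaces.{DSAPublicKey, RSAPublicKey}

object KeySizePolicy {
  // Minimum key size in bits, taken from the remediation above.
  val MinBits = 2048

  // Effective size in bits: RSA modulus length, or DSA prime p length.
  // Returns None for key types this rule does not cover.
  def keyBits(key: PublicKey): Option[Int] = key match {
    case rsa: RSAPublicKey => Some(rsa.getModulus.bitLength)
    case dsa: DSAPublicKey => Option(dsa.getParams).map(_.getP.bitLength)
    case _                 => None
  }

  // Some(true/false) for RSA and DSA keys, None when the size is not assessed here.
  def isCompliant(key: PublicKey): Option[Boolean] =
    keyBits(key).map(_ >= MinBits)

  // Generate a key pair, refusing any requested size below the minimum.
  def generate(algorithm: String, bits: Int): KeyPair = {
    require(bits >= MinBits, s"$algorithm key size $bits is below $MinBits bits")
    val gen = KeyPairGenerator.getInstance(algorithm)
    gen.initialize(bits)
    gen.generateKeyPair()
  }

  def main(args: Array[String]): Unit = {
    // Constructed sample: a legacy 1024-bit key, standing in for one
    // loaded from an old keystore or certificate.
    val legacyGen = KeyPairGenerator.getInstance("RSA")
    legacyGen.initialize(1024)
    val legacy = legacyGen.generateKeyPair().getPublic

    val fresh = generate("RSA", 2048).getPublic

    println(s"legacy: bits=${keyBits(legacy)} compliant=${isCompliant(legacy)}")
    println(s"fresh:  bits=${keyBits(fresh)} compliant=${isCompliant(fresh)}")
  }
}
```

Checking the size of the loaded key, rather than only the literal passed to `initialize`, also catches undersized keys that were generated elsewhere and imported.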
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0026 |
| Category | Crypto |
| Severity | MEDIUM |
| CWE | CWE-326 |
| Confidence | HIGH |
| Impact | MEDIUM |
| Likelihood | MEDIUM |
| Exploitability | MODERATE |
| Tags | encryption, key size |
| OWASP | N/A |