Inadequate encryption strength
Description
DES, TripleDES and RC2 are all considered broken or insecure cryptographic algorithms. Modern authenticated encryption (AEAD) algorithms also protect message integrity, so a ciphertext that has been tampered with is rejected on decryption instead of silently decrypting to corrupted data. Consider using `ChaCha20-Poly1305` instead, as it is easier to use correctly and faster than alternatives such as `AES-256-GCM`.
Examples
Insecure Code
```java
// DES: 56-bit key, no integrity protection. Flagged by this rule.
javax.crypto.Cipher.getInstance("DES");
```
Secure Code
```java
import javax.crypto.Cipher;

// ChaCha20-Poly1305: 256-bit key, AEAD (ciphertext is authenticated with a Poly1305 tag).
Cipher chaChaCipher = Cipher.getInstance("ChaCha20-Poly1305/None/NoPadding");
```
Remediation
Replace DES with a secure encryption algorithm like ChaCha20Poly1305.
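The following is an added, self-contained example (not part of the original rule page) showing what the integrity property from the description means in practice: a complete encrypt/decrypt round trip with the JDK's built-in `ChaCha20-Poly1305` cipher (Java 11+), followed by a single flipped ciphertext bit that makes decryption fail with `AEADBadTagException` rather than returning corrupted plaintext. The `nonce || ciphertext || tag` output layout, the class and method names, and the sample header and message bytes are conventions constructed for this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

public class ChaChaPoly1305Demo {
    // ChaCha20-Poly1305 takes a 96-bit nonce and appends a 128-bit Poly1305 tag.
    private static final int NONCE_LEN = 12;
    private static final String TRANSFORM = "ChaCha20-Poly1305/None/NoPadding";
    private static final SecureRandom RNG = new SecureRandom();

    // 256-bit key from the JDK's ChaCha20 KeyGenerator (SunJCE, Java 11+).
    static SecretKey newKey() throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("ChaCha20");
        kg.init(256);
        return kg.generateKey();
    }

    // Output layout (a convention chosen for this example): nonce || ciphertext || tag.
    static byte[] encrypt(SecretKey key, byte[] plaintext, byte[] aad) throws Exception {
        byte[] nonce = new byte[NONCE_LEN];
        RNG.nextBytes(nonce);            // fresh nonce per message; nonce reuse under one key breaks the scheme
        Cipher c = Cipher.getInstance(TRANSFORM);
        c.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(nonce));
        c.updateAAD(aad);                // authenticated but not encrypted, e.g. a record header
        byte[] ctAndTag = c.doFinal(plaintext);
        byte[] out = new byte[NONCE_LEN + ctAndTag.length];
        System.arraycopy(nonce, 0, out, 0, NONCE_LEN);
        System.arraycopy(ctAndTag, 0, out, NONCE_LEN, ctAndTag.length);
        return out;
    }

    // Throws AEADBadTagException if the ciphertext, tag, nonce or AAD was altered.
    static byte[] decrypt(SecretKey key, byte[] blob, byte[] aad) throws Exception {
        Cipher c = Cipher.getInstance(TRANSFORM);
        c.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(blob, 0, NONCE_LEN));
        c.updateAAD(aad);
        return c.doFinal(blob, NONCE_LEN, blob.length - NONCE_LEN);
    }

    public static void main(String[] args) throws Exception {
        SecretKey key = newKey();
        // Constructed sample inputs for the demo.
        byte[] aad = "record-type=1".getBytes(StandardCharsets.UTF_8);
        byte[] msg = "account balance: 100".getBytes(StandardCharsets.UTF_8);

        byte[] blob = encrypt(key, msg, aad);
        System.out.println("round trip: " + new String(decrypt(key, blob, aad), StandardCharsets.UTF_8));

        // Flip one bit of the ciphertext body. An unauthenticated cipher such as DES in ECB or CBC
        // would typically hand back corrupted plaintext without complaint; an AEAD cipher
        // releases nothing and throws.
        byte[] tampered = blob.clone();
        tampered[NONCE_LEN] ^= 0x01;
        try {
            decrypt(key, tampered, aad);
            System.out.println("BUG: tampering went undetected");
        } catch (AEADBadTagException e) {
            System.out.println("tampering detected: " + e.getMessage());
        }
    }
}
```

The same check fires if the AAD passed to `decrypt` differs from the one used at encryption time, which is what binds a header to its payload. The one property the cipher cannot enforce for you is nonce uniqueness: a 96-bit random nonce is fine for a bounded number of messages per key, but a counter or a fresh key per session is the safer choice for long-lived keys.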
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0686 |
| Category | Crypto |
| Severity | MEDIUM |
| CWE | CWE-326 |
| Confidence | HIGH |
| Impact | HIGH |
| Likelihood | MEDIUM |
| Exploitability | EASY |
| Tags | insecure encryption, DES |
| OWASP | A3:2017-Sensitive Data Exposure, A02:2021-Cryptographic Failures |