Use of a broken or risky cryptographic algorithm
Description
DES, TripleDES and RC2 are all considered broken or insecure cryptographic algorithms. Newer authenticated algorithms also apply message integrity, so ciphertext that has been tampered with is rejected rather than silently decrypted. Consider using `ChaCha20Poly1305` instead, as it is easier to use and faster than alternatives such as `AES-256-GCM`.
Examples
Insecure Code

```java
javax.crypto.Cipher.getInstance("DESede");
```

Secure Code

```java
Cipher chaChaCipher = Cipher.getInstance("ChaCha20-Poly1305/None/NoPadding");
```

Remediation
Replace the usage of insecure algorithms like DES, TripleDES with secure ones like ChaCha20Poly1305.
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0687 |
| Category | Crypto |
| Severity | MEDIUM |
| CWE | CWE-327 |
| Confidence | HIGH |
| Impact | MEDIUM |
| Likelihood | MEDIUM |
| Exploitability | EASY |
| Tags | cryptography, insecure algorithm |
| OWASP | A3:2017-Sensitive Data Exposure, A02:2021-Cryptographic Failures |