Use of a broken or risky cryptographic algorithm
Description
Cryptographic algorithms provide many different modes of operation, and only some of them provide message integrity. Without message integrity, an adversary can tamper with the ciphertext undetected, which can lead to compromise of the encryption key. Newer algorithms apply message integrity to verify that the ciphertext has not been tampered with before it is decrypted. Instead of an algorithm that requires configuring a cipher mode, use an algorithm with built-in message integrity (an AEAD cipher). Consider using `ChaCha20Poly1305` or `AES-256-GCM` instead.
Examples
Insecure Code

```python
# ECB mode provides no integrity and leaks repeated plaintext blocks
cryptography.hazmat.primitives.ciphers.modes.ECB(...)
```

Secure Code

```python
import os
from cryptography.hazmat.primitives.ciphers.aead import ChaCha20Poly1305

plain_text = b"Secret text to encrypt"
aad = None  # optional associated data; authenticated but not encrypted
key = ChaCha20Poly1305.generate_key()
chacha = ChaCha20Poly1305(key)
nonce = os.urandom(12)  # fresh 12-byte nonce for every encryption under this key
cipher_text = chacha.encrypt(nonce, plain_text, aad)  # ciphertext + 16-byte tag
decrypted = chacha.decrypt(nonce, cipher_text, aad)  # raises InvalidTag if tampered
```
Replace the cryptographic algorithm in use with a secure one, such as `ChaCha20Poly1305` or `AES-256-GCM`, and make sure a fresh nonce is generated for every encryption operation.
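The following is an added example, not part of the rule's own code, showing why the rule flags ECB and what the recommended AEAD construction gives you in practice: `encrypt` prepends a fresh random nonce to the ChaCha20Poly1305 output so the receiver can decrypt it, `tamper_is_detected` shows that a single flipped ciphertext byte is rejected with `InvalidTag` instead of yielding garbage plaintext, and `ecb_repeats_blocks` shows AES-ECB turning two identical plaintext blocks into two identical ciphertext blocks. The function names, the nonce-prefix wire format and the all-zero demo key are assumptions for illustration; the library calls are the `cryptography` package's real API.

```python
import os

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.primitives.ciphers.aead import ChaCha20Poly1305

NONCE_LEN = 12  # ChaCha20Poly1305 nonce size in bytes


def new_key() -> bytes:
    """Generate a random 256-bit ChaCha20Poly1305 key."""
    return ChaCha20Poly1305.generate_key()


def encrypt(key: bytes, plaintext: bytes, aad: bytes = b"") -> bytes:
    """Encrypt with a fresh random nonce; wire format (assumed) is nonce || ciphertext || tag."""
    nonce = os.urandom(NONCE_LEN)
    return nonce + ChaCha20Poly1305(key).encrypt(nonce, plaintext, aad)


def decrypt(key: bytes, blob: bytes, aad: bytes = b"") -> bytes:
    """Split off the nonce and decrypt; raises InvalidTag if ciphertext, tag or aad were altered."""
    nonce, ciphertext = blob[:NONCE_LEN], blob[NONCE_LEN:]
    return ChaCha20Poly1305(key).decrypt(nonce, ciphertext, aad)


def tamper_is_detected(key: bytes, blob: bytes, aad: bytes = b"") -> bool:
    """Flip one bit of the first ciphertext byte and report whether decryption rejects it."""
    flipped = bytearray(blob)
    flipped[NONCE_LEN] ^= 0x01
    try:
        decrypt(key, bytes(flipped), aad)
    except InvalidTag:
        return True
    return False


def wrong_aad_is_detected(key: bytes, blob: bytes, aad: bytes) -> bool:
    """Associated data is covered by the tag too: a different aad must fail to decrypt."""
    try:
        decrypt(key, blob, aad + b"x")
    except InvalidTag:
        return True
    return False


def ecb_repeats_blocks() -> bool:
    """Demonstrate the ECB weakness: equal plaintext blocks give equal ciphertext blocks.

    Uses a constructed all-zero 128-bit key purely for the demonstration.
    """
    demo_key = b"\x00" * 16
    encryptor = Cipher(algorithms.AES(demo_key), modes.ECB()).encryptor()
    two_equal_blocks = b"A" * 32  # two identical 16-byte blocks
    ciphertext = encryptor.update(two_equal_blocks) + encryptor.finalize()
    return ciphertext[:16] == ciphertext[16:]


if __name__ == "__main__":
    k = new_key()
    sealed = encrypt(k, b"Secret text to encrypt", b"header-v1")
    print("round trip ok:", decrypt(k, sealed, b"header-v1") == b"Secret text to encrypt")
    print("tamper detected:", tamper_is_detected(k, sealed, b"header-v1"))
    print("wrong aad detected:", wrong_aad_is_detected(k, sealed, b"header-v1"))
    print("ECB leaks block equality:", ecb_repeats_blocks())
```

Because `encrypt` draws a new nonce each call, encrypting the same plaintext twice under one key yields two different blobs; reusing a nonce with the same key would break both confidentiality and the integrity guarantee, which is why the remediation insists on fresh nonces.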
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0114 |
| Category | Crypto |
| Severity | MEDIUM |
| CWE | CWE-327 |
| Confidence | HIGH |
| Impact | HIGH |
| Likelihood | MEDIUM |
| Exploitability | MODERATE |
| Tags | cryptography, encryption |
| OWASP | A3:2017-Sensitive Data Exposure, A02:2021-Cryptographic Failures |