Use of broken or risky cryptographic algorithm
Description
DES, TripleDES, RC2, and RC4 are considered broken or insecure cryptographic algorithms. Newer algorithms apply message integrity to validate ciphertext and prevent tampering. Consider using ChaCha20Poly1305 instead, as it is easier and faster than alternatives like AES-256-GCM.
Examples
Insecure Code
python
Cryptodome.Cipher.ARC2.new()Secure Code
python
from cryptography.hazmat.primitives.ciphers.aead import ChaCha20Poly1305; ChaCha20Poly1305.generate_key()Remediation
Replace the use of insecure algorithms like RC2 with ChaCha20Poly1305 or AES-256-GCM, and ensure the use of secure key generation and nonce management.
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0117 |
| Category | Crypto |
| Severity | MEDIUM |
| CWE | CWE-327 |
| Confidence | HIGH |
| Impact | MEDIUM |
| Likelihood | MEDIUM |
| Exploitability | MODERATE |
| Tags | insecure algorithm, cryptographic failure |
| OWASP | A3:2017-Sensitive Data Exposure, A02:2021-Cryptographic Failures |