Inadequate encryption strength
Description
The application generates an RSA key shorter than the recommended 2048 bits. Consider moving to a newer asymmetric algorithm such as `X25519`, or use a key size greater than 2048 bits when generating RSA keys.
Examples
Insecure Code
```python
from cryptography.hazmat.primitives.asymmetric import rsa
# 1024-bit modulus: below the 2048-bit minimum this rule enforces
private_key = rsa.generate_private_key(public_exponent=65537, key_size=1024)
```
Secure Code
```python
from cryptography.hazmat.primitives.asymmetric import rsa
# 4096-bit modulus: comfortably above the minimum
private_key = rsa.generate_private_key(public_exponent=65537, key_size=4096)
```
Remediation
Use a key size greater than 2048 bits when generating RSA keys, or consider moving to a newer asymmetric algorithm such as `X25519`.
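The check below is an added example, not part of this rule page or of the scanner that ships the rule. It shows how the pattern flagged by this rule can be detected statically: it parses Python source with the standard `ast` module, finds calls to `generate_private_key` (by attribute access or through an `import ... as` alias), and reports any literal `key_size` below 2048 bits, while flagging non-literal sizes for manual review. The `SAMPLES` sources and the `MIN_RSA_BITS` threshold are constructed for the example.

```python
import ast
from typing import Dict, List, Optional, Tuple

# Minimum RSA modulus size accepted by this check; anything below it is reported.
# Chosen to match the rule description (keys shorter than 2048 bits are flagged).
MIN_RSA_BITS = 2048

# Constructed sample sources (not from the rule page) used to exercise the check.
SAMPLES: Dict[str, str] = {
    "weak_keyword": (
        "from cryptography.hazmat.primitives.asymmetric import rsa\n"
        "private_key = rsa.generate_private_key(public_exponent=65537, key_size=1024)\n"
    ),
    "weak_positional_alias": (
        "from cryptography.hazmat.primitives.asymmetric.rsa import generate_private_key as gen\n"
        "private_key = gen(65537, 1536)\n"
    ),
    "ok_4096": (
        "from cryptography.hazmat.primitives.asymmetric import rsa\n"
        "private_key = rsa.generate_private_key(public_exponent=65537, key_size=4096)\n"
    ),
    "non_literal": (
        "from cryptography.hazmat.primitives.asymmetric import rsa\n"
        "bits = int(os.environ['RSA_BITS'])\n"
        "private_key = rsa.generate_private_key(public_exponent=65537, key_size=bits)\n"
    ),
}

# (line number, literal key size or None, message)
Finding = Tuple[int, Optional[int], str]


def _callee_name(func: ast.expr, aliases: Dict[str, str]) -> Optional[str]:
    """Return the unqualified callee name, resolving 'from ... import x as y' aliases."""
    if isinstance(func, ast.Attribute):   # rsa.generate_private_key(...)
        return func.attr
    if isinstance(func, ast.Name):        # generate_private_key(...) or an alias like gen(...)
        return aliases.get(func.id, func.id)
    return None


def find_weak_rsa_keys(source: str) -> List[Finding]:
    """Report calls to generate_private_key whose key_size is below MIN_RSA_BITS."""
    tree = ast.parse(source)

    # Map local names introduced by 'from ... import name as alias' back to 'name'.
    aliases: Dict[str, str] = {}
    for node in ast.walk(tree):
        if isinstance(node, ast.ImportFrom):
            for alias in node.names:
                aliases[alias.asname or alias.name] = alias.name

    findings: List[Finding] = []
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        if _callee_name(node.func, aliases) != "generate_private_key":
            continue
        # Signature of the real call: generate_private_key(public_exponent, key_size, backend=None)
        size_node = next((kw.value for kw in node.keywords if kw.arg == "key_size"), None)
        if size_node is None and len(node.args) >= 2:
            size_node = node.args[1]
        if size_node is None:
            continue  # no key_size supplied; the library itself rejects such a call
        if isinstance(size_node, ast.Constant) and isinstance(size_node.value, int):
            if size_node.value < MIN_RSA_BITS:
                findings.append((node.lineno, size_node.value,
                                 f"RSA key size {size_node.value} is below {MIN_RSA_BITS} bits"))
        else:
            # The size comes from a variable or expression; a static check cannot decide it.
            findings.append((node.lineno, None, "key_size is not a literal; verify it at runtime"))
    return findings


if __name__ == "__main__":
    for label, src in SAMPLES.items():
        print(f"{label}: {find_weak_rsa_keys(src)}")
```

A check like this is only as good as its name resolution: a key size hidden behind a configuration value or a wrapper function is reported for manual review rather than silently passed, which is the safer failure mode for a rule of this severity.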
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0120 |
| Category | Crypto |
| Severity | MEDIUM |
| CWE | CWE-326 |
| Confidence | HIGH |
| Impact | MEDIUM |
| Likelihood | MEDIUM |
| Exploitability | MODERATE |
| Tags | inadequate encryption strength, weak key size |
| OWASP | A3:2017-Sensitive Data Exposure, A02:2021-Cryptographic Failures |