Use of a Broken or Risky Cryptographic Algorithm
Description
The IDEA encryption algorithm is no longer recommended due to identified vulnerabilities and exploits. Consider using ChaCha20Poly1305 or AES-GCM instead.
Examples
Insecure Code
python
cryptography.hazmat.primitives.ciphers.algorithms.IDEA(...)Secure Code
python
from cryptography.hazmat.primitives.ciphers.aead import ChaCha20Poly1305
key = ChaCha20Poly1305.generate_key()
chacha = ChaCha20Poly1305(key)Remediation
Replace IDEA with a secure encryption algorithm like ChaCha20Poly1305 or AES-GCM.
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0126 |
| Category | Crypto |
| Severity | MEDIUM |
| CWE | CWE-327 |
| Confidence | HIGH |
| Impact | MEDIUM |
| Likelihood | MEDIUM |
| Exploitability | MODERATE |
| Tags | encryption, vulnerability |
| OWASP | A3:2017-Sensitive Data Exposure, A02:2021-Cryptographic Failures |