Using broken or weak cryptographic algorithms can leave data
8
+
vulnerable to being decrypted or forged by an attacker.
9
+
</p>
10
+
<p>
11
+
Many cryptographic algorithms provided by cryptography
12
+
libraries are known to be weak, or flawed. Using such an
13
+
algorithm means that encrypted or hashed data is less
14
+
secure than it appears to be.
15
+
</p>
16
+
</overview>
17
+
<recommendation>
18
+
<p>
19
+
Ensure that you use a strong, modern cryptographic
20
+
algorithm, such as AES-128 or RSA-2048.
21
+
</p>
22
+
</recommendation>
23
+
<example>
24
+
25
+
<p>
26
+
The following code uses the <code>OpenSSL</code> library to encrypt some
27
+
secret data. When you create a cipher using <code>OpenSSL</code> you must
28
+
specify the encryption algorithm to use. The first example uses DES, which
29
+
is an older algorithm that is now considered weak. The second example uses
30
+
AES, which is a stronger modern algorithm.
31
+
</p>
32
+
33
+
<samplesrc="examples/broken_crypto.rb" />
34
+
</example>
35
+
<references>
36
+
<li>NIST, FIPS 140 Annex a: <ahref="http://csrc.nist.gov/publications/fips/fips140-2/fips1402annexa.pdf"> Approved Security Functions</a>.</li>
37
+
<li>NIST, SP 800-131A: <ahref="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar1.pdf"> Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths</a>.</li>
38
+
<li>OWASP: <ahref="https://cheatsheetseries.owasp.org/cheatsheets/Cryptographic_Storage_Cheat_Sheet.html#rule---use-strong-approved-authenticated-encryption">Rule - Use strong approved cryptographic algorithms</a>.
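Review bot: The recommendation paragraph (added lines 19-20) names only an algorithm and key size, "AES-128 or RSA-2048", and says nothing about mode of operation or padding, although the OWASP reference on added line 38 links to the anchor for authenticated encryption. Suggest extending the recommendation to say the cipher should be used in an authenticated mode, and making the OWASP link text match the anchor it targets; the text currently reads "Use strong approved cryptographic algorithms" while the anchor is "use-strong-approved-authenticated-encryption". In the references, "Annex a" on added line 36 should be "Annex A", and the two NIST links use http:// where https:// would be preferable. As rendered here the tags read `<samplesrc=` and `<ahref=`; please confirm the file itself has `<sample src=` and `<a href=`, since the help file will not parse otherwise.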