RCA
Risky cryptographic algorithm used
If a program processes sensitive data or protects a communication channel, you may use cryptography to prevent attackers from reading it. There are several obsolete cryptographic algorithms that have proven weaknesses against attack.
The RCA checker detects the use of a specific set of known broken or risky cryptographic algorithm.
Vulnerability and risk
If a program uses broken or risky algorithms in data processing, it could lead to security weaknesses within the program. CWE-327 and NIST Special Publication 800-131A Revision 1 list the following algorithms as broken or risky for use: CBC-MAC, DES, DES-X, Two-key Triple DES, MD2, MD4, MD5, RC2, RNG in ANSI X9.31, SHA-0, SHA-1, SKIPJACK. These algorithms can still be supported in cryptographic libraries, though they are not recommended for use.
Mitigation and prevention
Consider replacing the reported weak algorithm with a stronger one. For example, SHA-256 or SHA-512 can replace SHA-1 or MD5, AES can replace DES, and so on.
Example 1
A function call uses risky algorithm (or initializes an object that represents it).
#include <openssl/md5.h>
void foo( const unsigned char *msg, unsigned int len) {
unsigned char md5digest[MD5_DIGEST_LENGTH];
MD5(msg, len, md5digest); // <== RCA reported
// . . . . .
}
Example 2
A constant C-string literal that identifies a risky algorithm is passed to a function that will perform it or initialize an object instance that represents it.
#include <Bcrypt.h>
void demo()
{
NTSTATUS status;
BCRYPT_ALG_HANDLE hAlg;
status = BCryptOpenAlgorithmProvider(&hAlg, BCRYPT_MD4_ALGORITHM, 0, 0); // <== RCA reported
// use(hAlg)
}
Example 3
An instance of a class that represents a risky algorithm is created.
#include <cryptopp/sha.h>
using namespace CryptoPP;
void bar() {
SHA1 *hashfunc = new SHA1(); // <== RCA reported
// use(hashfunc)
}
Example 4
A custom class is inherited from a class that represents a risky algorithm.
#include <cryptopp/sha.h>
class MyAlgo : public CryptoPP::SHA1 { // <== RCA reported
// . . . . .
};
Related checkers
External guidance
Overview and approval statuses for cryptographic algorithms:
-
NIST.SP.800-131Ar1: NIST Special Publication 800-131A Revision 1. Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths (November, 2015)
Reports and articles about compromised cryptographic algorithms:
- CWE-327: Use of a Broken or Risky Cryptographic Algorithm
- OWASP A2:2021 Cryptographic Failures
-
Dual_EC_DRBG: Matthew Green. The Many Flaws of Dual_EC_DRBG.
-
Dual_EC_DRBG: Kristian Gjøsteen. Comments on Dual-EC-DRBG/NIST SP 800-90
-
MD5: J. Black, M. Cochran, T. Highland. A study of the MD5 attacks: insights and improvements
-
SHA-1: M. Stevens, P. Karman, T. Peyrin. Freestart collision for full SHA-1
-
SHA-1: C. McDonald, P. Hawkes, J. Pieprzyk. Differential path for SHA-1 with complexity O(2^52)
-
SKIPJACK: Bruce Schneier. Declassifying Skipjack, July 15, 1998
Security training
Application security training materials provided by Secure Code Warrior.