SV.WEAK.CRYPT
Use of a Broken or Risky Cryptographic Algorithm
The purpose of the checker is to detect broken, risky, or deprecated cryptographic functionality.
The checker detects well-known weak implementations or uses of cryptographic APIs and libraries. The checker reports defects on usages of the algorithms "MD2", "MD4", "MD5", "SHA", "SHA1", and "SHA-1".
Vulnerability and risk
When sensitive data is not protected sufficiently, the result can be a loss of secrecy or integrity of that data. DES encryption can be cracked using brute-force attacks. The MD5-based algorithm is slightly more secure, so it is preferred over the DES-based algorithm, but even the newer SHA-1 algorithm has been cracked. Hash algorithms such as SHA-256 and SHA-512, which are approved by the Federal Information Processing Standards (FIPS), are considered more secure. It is important to use a cryptographic algorithm that experts in the field currently consider to be the best.
Vulnerable code example 1
public static UUID nameUUIDFromBytes(byte[] name) {
    try {
        MessageDigest md = MessageDigest.getInstance("MD5");
        return makeUuid(md.digest(name), 3);
    } catch (NoSuchAlgorithmException e) {
        throw new AssertionError(e);
    }
}
SV.WEAK.CRYPT reports a defect on line 3.
Fixed code example 1
public static UUID nameUUIDFromBytes(byte[] name) {
    try {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        return makeUuid(md.digest(name), 3);
    } catch (NoSuchAlgorithmException e) {
        throw new AssertionError(e);
    }
}
After changing the message-digest algorithm to the more secure SHA-256, the issue is gone.
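The fix above replaces one algorithm string at one call site. A more durable way to keep flagged digests out of a code base is to obtain every MessageDigest through a single helper that refuses the names this checker reports. The following is an added example, not code from the checker documentation or from any product; DigestPolicy, newDigest and hexDigest are hypothetical names, and the input string is constructed for the demonstration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Locale;
import java.util.Set;

public final class DigestPolicy {
    // The MessageDigest algorithm names SV.WEAK.CRYPT reports, normalized to upper case.
    // "SHA" is the JCA alias for SHA-1, which is why it appears in the list.
    private static final Set<String> WEAK_DIGESTS =
        Set.of("MD2", "MD4", "MD5", "SHA", "SHA1", "SHA-1");

    private DigestPolicy() {}

    // Hypothetical helper: the one place the code base is allowed to call MessageDigest.getInstance.
    // Rejecting weak names here means a reviewer only has to audit this method, not every caller.
    public static MessageDigest newDigest(String algorithm) throws NoSuchAlgorithmException {
        String normalized = algorithm.trim().toUpperCase(Locale.ROOT);
        if (WEAK_DIGESTS.contains(normalized)) {
            throw new IllegalArgumentException(
                "digest algorithm " + algorithm + " is broken or deprecated; use SHA-256 or stronger");
        }
        return MessageDigest.getInstance(algorithm);
    }

    // Convenience wrapper that returns the digest as lower-case hex.
    public static String hexDigest(String algorithm, byte[] input) throws NoSuchAlgorithmException {
        byte[] digest = newDigest(algorithm).digest(input);
        StringBuilder sb = new StringBuilder(digest.length * 2);
        for (byte b : digest) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input for the demonstration.
        byte[] data = "example input".getBytes(StandardCharsets.UTF_8);

        // Approved algorithm: the helper delegates to the JCA provider as usual.
        System.out.println("SHA-256: " + hexDigest("SHA-256", data));

        // Flagged algorithm: the helper refuses it before any digest is computed.
        try {
            hexDigest("MD5", data);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Centralizing the call also gives the static checker a single site to report on if someone later loosens the list, instead of one finding per scattered getInstance call.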
Vulnerable code example 2
Cipher c1 = Cipher.getInstance("DES");
SV.WEAK.CRYPT reports a defect because the DES algorithm is not robust.
Fixed code example 2
Cipher c1 = Cipher.getInstance("RSA/None/OAEPWITHSHA-256ANDMGF1PADDING");
No issue is reported when using a secure RSA algorithm with OAEP padding.
Vulnerable code example 3
NullCipher nc = new NullCipher();
SV.WEAK.CRYPT reports a defect because NullCipher does not transform the plaintext at all and is therefore vulnerable.
Fixed code example 3
Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
No issue is reported when using Cipher with a more secure algorithm.
Related checkers
External guidance
- CWE-327: Use of a Broken or Risky Cryptographic Algorithm
- OWASP A3:2017 Sensitive Data Exposure
- OWASP A2:2021 Cryptographic Failures
- V-222555 (APSC-DV-001860): The application must use mechanisms meeting the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance for authentication to a cryptographic module.
Security training
Application security training materials provided by Secure Code Warrior.