SV.WEAK_CRYPTO.WEAK_HASH

Weak password vulnerability

Brute-force password cracking is one of the most dangerous threats to password security. If the software's encryption scheme isn't strong enough for the level of protection needed, brute-force attacks can succeed using current attack methods and resources. The SV.WEAK_CRYPTO.WEAK_HASH checker flags encrypt, crypt*, and setkey encryption sequences that use DES encryption, which doesn't provide sufficient protection against brute-force password attacks.

Vulnerability and risk

When sensitive data is protected insufficiently, it can lead to loss of the secrecy or integrity of the data. DES encryption can be cracked using brute-force attacks. The MD5-based algorithm is slightly more secure, so it's preferred over the DES-based algorithm, but even the newer SHA-1 algorithm has been cracked. Hash algorithms like the SHA-256 and SHA-512, which are approved by Federal Information Processing Standards (FIPS), are considered more secure. It's important to use a cryptographic algorithm that is currently considered to be the best by experts in the field.

Mitigation and prevention

To avoid poor encryption issues:

  • Use the strongest encryption algorithm possible from proven, secure crypto libraries.
  • If your code is accessing an existing privileged service, let the service handle authentication.
  • Don't hard-code sensitive data or store encryption keys.
  • If you use MD5-based encryption, make sure you include a salt parameter (a string starting with "$1$") to vary the encryption algorithm.

Vulnerable code example

Copy
   #include <stdio.h>
   #include <time.h>
   #include <unistd.h>
   #include <crypt.h>
    
   int
   main(void)
   {
     unsigned long seed[2];
    char salt[] = "$1$........";
    const char *const seedchars =
      "./0123456789ABCDEFGHIJKLMNOPQRST"
      "UVWXYZabcdefghijklmnopqrstuvwxyz";
    char *password;
    int i;
   
    /* Generate a (not very) random seed.
       You can do it better than this... */
    seed[0] = time(NULL);
    seed[1] = getpid() ^ (seed[0] >> 14 & 0x30000);
   
    /* Turn it into printable characters from 'seedchars'. */
    for (i = 0; i < 8; i++)
      salt[3+i] = seedchars[(seed[i/5] >> (i%5)*6) & 0x3f];
  
    /* Read in the user's password and encrypt it. */
    password = crypt(getpass("Password:"), salt); // SV.WEAK_CRYPTO.WEAK_HASH is reported here
  
    /* Print the results. */
    puts(password);
    return 0;
  }