SV.WEAK.CRYPT

Use of a Broken or Risky Cryptographic Algorithm

The purpose of the checker is to detect broken, risky, or deprecated cryptographic functionality.

The checker detects well-known weak implementations or use of cryptographic APIs or libraries. The checker reports defects on usages of algorithms "MD2", "MD4", "MD5", "SHA", "SHA1", and "SHA-1”.

Vulnerability and risk

When sensitive data is not protected sufficiently, it can lead to a loss of secrecy or integrity of the data. DES encryption can be cracked using brute-force attacks. The MD5-based algorithm is slightly more secure, so it's preferred over the DES-based algorithm, but even the newer SHA-1 algorithm has been cracked. Hash algorithms like the SHA-256 and SHA-512, which are approved by Federal Information Processing Standards (FIPS), are considered more secure. It's important to use a cryptographic algorithm that is currently considered to be the best by experts in the field.

Vulnerable code example 1

1
2
3
4
5
6
7
8
 public static UUID nameUUIDFromBytes (byte[] name) {
     try {
         MessageDigest md = MessageDigest.getInstance("MD5");
         return make Uuid(md.digest(name), 3);
     } catch (NoSuchAlgorithmException e) {
         throw new AssertionError(e);
     }
 }

SV.WEAK.CRYPT reports a defect on line 3.

Fixed code example 1

1
2
3
4
5
6
7
8
 public static UUID name UUIDFromBytes (byte[] name) {
     try {
         MessageDigest md = MessageDigest.getinstance("SHA-256");
         return makeUuid(md.digest(name), 3);
     } catch (NoSuchAlgorithmException e) {
         throw new AssertionError(e);
     }
 }

After changing message-digest algorithm to more secure SHA-256, the issue is gone.

Vulnerable code example 2

1
Cipher c1 = Cipher.getInstance("DES");

SV.WEAK.CRYPT reports a defect as DES algorithm is not robust.

Fixed code example 2

1
Cipher c1 = Cipher.getInstance("RSA/None/OAEPWITHSHA-256ANDMGF1PADDING");

No issue is reported when using a secure RSA algorithm with OAEP padding.

Vulnerable code example 3

1
NullCipher nc = new NullCipher();

SV.WEAK.CRYPT reports a defect as NullCipher does not transform plain text, and is therefore vulnerable.

Fixed code example 3

1
Cipher c = Cipher.getInstance("AES/GCM/NoPadding"); 

No issue is reported when using Cipher with a more secure algorithm.

Related checkers

• RCA
• SV.WEAK_CRYPTO.WEAK_HASH

External guidance

• CWE-327: Use of a Broken or Risky Cryptographic Algorithm
• OWASP A3:2017 Sensitive Data Exposure
• OWASP A2:2021 Cryptographic Failures
• V-222555 (APSC-DV-001860): The application must use mechanisms meeting the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance for authentication to a cryptographic module.

Security training

Application security training materials provided by Secure Code Warrior.

• Weak Crypto Algorithm Training Video - Test your skills with a training example