=20

** Name: **Use of a broken or risky cryptographic alg=
orithm

** Description: **Using broken or weak cryptographic =
algorithms can allow an attacker to compromise security.

** ID: **cpp/weak-cryptographic-algorithm

** Kind: **problem

** Severity: **error

** Precision: **medium

=20
##### Recomme=
ndation

=20
##### Example

=
=20
##### References<=
/h5>

Using broken or weak cryptographic algorithms can leave data vulnerable = to being decrypted.

=20Many cryptographic algorithms provided by cryptography libraries are kno= wn to be weak, or flawed. Using such an algorithm means that an attacker ma= y be able to easily decrypt the encrypted data.

=20Ensure that you use a strong, modern cryptographic algorithm. Use at lea= st AES-128 or RSA-2048.

=20The following code shows an example of using the `advapi`

win=
dows API to decrypt some data. When creating a key, you must specify which =
algorithm to use. The first example uses DES which is an older algorithm th=
at is now considered weak. The second example uses AES, which is a strong m=
odern algorithm.

```
1void advapi() { 2 HCRYPTPROV hCryptProv; 3 =
HCRYPTKEY hKey; 4 HCRYPTHASH hHash;
``` 5 // other preparation goes here 6 7 // BAD: use 3DES for key 8 CryptDerive=
Key(hCryptProv, CALG_3DES, hHash, 0, &hKey); 9 10 // GOOD: use AES 11 CryptDeri=
veKey(hCryptProv, =
CALG_AES_256, hHa=
sh, 0, & hKey); 12}

=20
- =20
- NIST, FIPS 140 Annex a: = Approved Security Functions. =20
- NIST, SP 800-131A: Transitions: Recommendation for Transitioning the Use of Cryptographic A= lgorithms and Key Lengths. =20
- Common Weakness Enumeration: CWE-327.