Message-ID: <418782535.3533.1576290995004.JavaMail.confluence@web-pubwiki-prod-02.uk.semmle.com> Subject: Exported From Confluence MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_Part_3532_1496153849.1576290995003" ------=_Part_3532_1496153849.1576290995003 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Content-Location: file:///C:/exported.html Use of a broken or risky cryptographic algorithm

# Use of a broken or risky cryptographic algorithm

=20

Name: Use of a broken or risky cryptographic alg= orithm

Description: Using broken or weak cryptographic = algorithms can allow an attacker to compromise security.

ID: cpp/weak-cryptographic-algorithm

Kind: problem

Severity: error

Precision: medium

=20
=20
=20

Using broken or weak cryptographic algorithms can leave data vulnerable = to being decrypted.

=20

Many cryptographic algorithms provided by cryptography libraries are kno= wn to be weak, or flawed. Using such an algorithm means that an attacker ma= y be able to easily decrypt the encrypted data.

=20
##### Recomme= ndation
=20

Ensure that you use a strong, modern cryptographic algorithm. Use at lea= st AES-128 or RSA-2048.

=20
##### Example
= =20

The following code shows an example of using the `advapi` win= dows API to decrypt some data. When creating a key, you must specify which = algorithm to use. The first example uses DES which is an older algorithm th= at is now considered weak. The second example uses AES, which is a strong m= odern algorithm.

=20

`````` 1void advapi() {  2 HCRYPTPROV hCryptProv;  3 =
HCRYPTKEY hKey;  4 HCRYPTHASH hHash;  5 // other preparation goes here  6  7 // BAD: use 3DES for key  8 CryptDerive=
Key(hCryptProv, CALG_3DES, hHash, 0, &hKey);  9  10 // GOOD: use AES  11 CryptDeri=
veKey(hCryptProv, =
CALG_AES_256, hHa=
sh, 0, &hKey);  12}``````

=20
##### References<= /h5> =20 NIST, FIPS 140 Annex a: = Approved Security Functions.=20 NIST, SP 800-131A: Transitions: Recommendation for Transitioning the Use of Cryptographic A= lgorithms and Key Lengths.=20 Common Weakness Enumeration: CWE-327. =20
=20

------=_Part_3532_1496153849.1576290995003--