Skip to content

Weak Crypto Key Length

Cryptographic keys must be strong.

What does this mean ?

A cryptographic algorithm's key length defines the greatest level of security it can provide. Cryptographic keys must be accurately created using a cryptographically strong random number generator. Common mistakes include keeping hard-coded keys in the code from development or creating a random UUID as a key and immediately utilizing the string as the key value.

What can happen ?

Using a key of an inadequate length in an encryption/decryption technique increases the potential (or likelihood) that the encryption system will be broken (i.e. cracked). The stronger the encryption, the greater the key size. Weak ciphers are encryption/decryption methods that employ key sizes that are fewer than 128 bits (i.e., 16 bytes... 8 bits in a byte). SSL traffic between your server and your visitors may be decrypted by attackers.

Recommendation

To ensure safe communication with your visitors, you should only enable powerful ciphers on your web server. The key length of X.509 certificates must be long (e.g. if RSA or DSA is used the key must be at least 1024 bits)

Sample Code

Vulnerable :

using System;
using System.Security.Cryptography;

namespace MyLibrary
{
    public class MyCryptoClass
    {
        static void Main()
        {
            var dsa1 = new DSACryptoServiceProvider(); // Noncompliant - default key size is 1024
            dsa1.KeySize = 2048; // Noncompliant - the setter does not update the underlying key size for the DSACryptoServiceProvider class

            var dsa2 = new DSACryptoServiceProvider(2048); // Noncompliant - cannot create DSACryptoServiceProvider with a key size bigger than 1024

            var rsa1 = new RSACryptoServiceProvider(); // Noncompliant - default key size is 1024
            rsa1.KeySize = 2048; // Noncompliant - the setter does not update the underlying key size for the RSACryptoServiceProvider class

            var rsa2 = new RSACng(1024); // Noncompliant

            // ...
        }
    }
}

Non Vulnerable :

using System;
using System.Security.Cryptography;

namespace MyLibrary
{
    public class MyCryptoClass
    {
        static void Main()
        {
            var dsa1 = new DSACng(); // Compliant - default key size is 2048
            var dsa2 = new DSACng(2048); // Compliant
            var rsa1 = new RSACryptoServiceProvider(2048); // Compliant
            var rsa2 = new RSACng(); // Compliant - default key size is 2048

            // ...
        }
    }
}

Vulnerable :

KeyPairGenerator keyPairGen1 = KeyPairGenerator.getInstance("RSA");
keyPairGen1.initialize(1024); // Noncompliant

KeyPairGenerator keyPairGen5 = KeyPairGenerator.getInstance("EC");
ECGenParameterSpec ecSpec1 = new ECGenParameterSpec("secp112r1"); // Noncompliant
keyPairGen5.initialize(ecSpec1);

KeyGenerator keyGen1 = KeyGenerator.getInstance("AES");
keyGen1.init(64); // Noncompliant

Non Vulnerable :

KeyPairGenerator keyPairGen6 = KeyPairGenerator.getInstance("RSA");
keyPairGen6.initialize(2048); // Compliant

KeyPairGenerator keyPairGen5 = KeyPairGenerator.getInstance("EC");
ECGenParameterSpec ecSpec10 = new ECGenParameterSpec("secp224k1"); // compliant
keyPairGen5.initialize(ecSpec10);

KeyGenerator keyGen2 = KeyGenerator.getInstance("AES");
keyGen2.init(128); // Compliant

Vulnerable :

$config = array(
    "digest_alg" => "sha512",
    "private_key_bits" => 1024, // Noncompliant
    "private_key_type" => OPENSSL_KEYTYPE_RSA,
);
$res = openssl_pkey_new($config);

Non Vulnerable :

$config = array(
    "digest_alg" => "sha512",
    "private_key_bits" => 2048 // Compliant
    "private_key_type" => OPENSSL_KEYTYPE_RSA,
);
$res = openssl_pkey_new($config);

Vulnerable :

const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', {
    modulusLength: 1024,  // Vulnerable
    publicKeyEncoding:  { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' }
}); // Vulnerable: 1024 bits is too short for a RSA key pair

Non Vulnerable :

crypto.generateKeyPair('rsa', {
    modulusLength: 2048,  // Non Vulnerable
    publicKeyEncoding:  { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' }
}, callback); // Non Vulnerable

Vulnerable :

crypto.generateKeyPair('ec', {
    namedCurve: 'secp112r2',
    publicKeyEncoding:  { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' }
}, callback); // Vulnerable: secp112r2 curve doesn't provide enough security

Non Vulnerable :

crypto.generateKeyPair('ec', {
    namedCurve: 'secp224k1',
    publicKeyEncoding:  { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' }
}, callback); // Non Vulnerable

Vulnerable :

package main

import (
    "crypto/rand"
    "crypto/rsa"
    "fmt"
)

func main() {
    //Generate Private Key
    privatekey, err := rsa.GenerateKey(rand.Reader, 1024)
    if err != nil {
        fmt.Println(err)
    }
    fmt.Println(privatekey)
}

Non Vulnerable :

package main

import (
    "crypto/rand"
    "crypto/rsa"
    "fmt"
)

func main() {
    //Generate Private Key
    privatekey, err := rsa.GenerateKey(rand.Reader, 2048)
    if err != nil {
        fmt.Println(err)
    }
    fmt.Println(privatekey)
}

References