Skip to content

Weak Crypto Key Length

Cryptographic keys should be robust

What does this mean ?

The key length used by a cryptographic algorithm determines the highest security it can offer. Cryptographic keys need to be generated correctly by a cryptographically strong random number generator. Common errors include leaving hard-coded keys in the code from development or generating a random UUID as a key and using the string directly as the key value.

What can happen ?

Using an insufficient length for a key in an encryption/decryption algorithm opens up the possibility (or probability) that the encryption scheme could be broken (i.e. cracked). The larger the key size the stronger the cipher. Weak ciphers are generally known as encryption/ decryption algorithms that use key sizes that are less than 128 bits (i.e., 16 bytes … 8 bits in a byte) in length. Attackers might decrypt SSL traffic between your server and your visitors.

Recommendation

You should allow only strong ciphers on your web server to protect secure communication with your visitors. X.509 certificates key length must be strong (e.g. if RSA or DSA is used the key must be at least 1024 bits)

Sample Code

Vulnerable :

using System;
using System.Security.Cryptography;

namespace MyLibrary
{
    public class MyCryptoClass
    {
        static void Main()
        {
            var dsa1 = new DSACryptoServiceProvider(); // Noncompliant - default key size is 1024
            dsa1.KeySize = 2048; // Noncompliant - the setter does not update the underlying key size for the DSACryptoServiceProvider class

            var dsa2 = new DSACryptoServiceProvider(2048); // Noncompliant - cannot create DSACryptoServiceProvider with a key size bigger than 1024

            var rsa1 = new RSACryptoServiceProvider(); // Noncompliant - default key size is 1024
            rsa1.KeySize = 2048; // Noncompliant - the setter does not update the underlying key size for the RSACryptoServiceProvider class

            var rsa2 = new RSACng(1024); // Noncompliant

            // ...
        }
    }
}

Non Vulnerable :

using System;
using System.Security.Cryptography;

namespace MyLibrary
{
    public class MyCryptoClass
    {
        static void Main()
        {
            var dsa1 = new DSACng(); // Compliant - default key size is 2048
            var dsa2 = new DSACng(2048); // Compliant
            var rsa1 = new RSACryptoServiceProvider(2048); // Compliant
            var rsa2 = new RSACng(); // Compliant - default key size is 2048

            // ...
        }
    }
}

Vulnerable :

KeyPairGenerator keyPairGen1 = KeyPairGenerator.getInstance("RSA");
keyPairGen1.initialize(1024); // Noncompliant

KeyPairGenerator keyPairGen5 = KeyPairGenerator.getInstance("EC");
ECGenParameterSpec ecSpec1 = new ECGenParameterSpec("secp112r1"); // Noncompliant
keyPairGen5.initialize(ecSpec1);

KeyGenerator keyGen1 = KeyGenerator.getInstance("AES");
keyGen1.init(64); // Noncompliant

Non Vulnerable :

KeyPairGenerator keyPairGen6 = KeyPairGenerator.getInstance("RSA");
keyPairGen6.initialize(2048); // Compliant

KeyPairGenerator keyPairGen5 = KeyPairGenerator.getInstance("EC");
ECGenParameterSpec ecSpec10 = new ECGenParameterSpec("secp224k1"); // compliant
keyPairGen5.initialize(ecSpec10);

KeyGenerator keyGen2 = KeyGenerator.getInstance("AES");
keyGen2.init(128); // Compliant

Vulnerable :

$config = array(
    "digest_alg" => "sha512",
    "private_key_bits" => 1024, // Noncompliant
    "private_key_type" => OPENSSL_KEYTYPE_RSA,
);
$res = openssl_pkey_new($config);

Non Vulnerable :

$config = array(
    "digest_alg" => "sha512",
    "private_key_bits" => 2048 // Compliant
    "private_key_type" => OPENSSL_KEYTYPE_RSA,
);
$res = openssl_pkey_new($config);

References