# Use of a Broken or Risky Cryptographic Algorithm (CWE-327)

The product uses a broken or risky cryptographic algorithm or protocol.

- Prevalence: Élevée Fréquemment exploitée
- Impact: Élevé 3 règles de sévérité élevée
- Prevention: Documentée 4 exemples de correctifs

**OWASP:** Cryptographic Failures (A02:2021-Cryptographic Failures) - #2

## Description

Cryptographic algorithms are the backbone of modern information security. Using algorithms that have known weaknesses, such as MD5 or DES, can make it trivial for attackers to defeat the protection.

## Prevention

Stratégies de prévention pour Broken Cryptographic Algorithm basées sur 4 règles de détection Shoulder.

### Go

Replace MD5/SHA1/DES/RC4 with bcrypt, SHA-256, or AES-GCM

### JavaScript

Always specify allowed algorithms when verifying JWT tokens

Use SHA-256+ for hashing, AES-256-GCM for encryption, and bcrypt for passwords

### Python

Replace MD5/SHA-1/DES/RC4 with SHA-256/SHA-3 for hashing and AES-GCM for encryption

## Warning Signs

- [HIGH] Weak cryptographic algorithm detected: ...
- [HIGH] jwt.verify() without algorithm specification allows 'none' algorithm attack
- [HIGH] JWT verification without explicit algorithm specification, allowing "none" algorithm attacks that by
- [HIGH] use of weak or broken cryptographic algorithms for hashing passwords
or sensitive data
- [MEDIUM] use of weak or deprecated cryptographic algorithms like MD5, SHA-1,
DES, or RC4

## Consequences

- Lecture des données de l'application
- Contourner le mécanisme de protection

## Mitigations

- Utilisez AES-256 pour le chiffrement symétrique
- Utilisez RSA-2048+ ou ECDSA pour le chiffrement asymétrique
- Utilisez SHA-256 ou SHA-3 pour le hachage

## Detection

- Total rules: 4
- Languages: go, javascript, typescript, python

## Rules by Language

### Javascript (2 rules)

- **JWT Algorithm Confusion Attack** [HIGH]: Detects JWT verification without explicit algorithm specification, allowing "none" algorithm attacks that bypass authentication.
  - Remediation: Always specify allowed algorithms when verifying JWT tokens.
Example: jwt.verify(token, secret, { algorithms: ['RS256'] })
- **Use of Weak Cryptographic Algorithm** [HIGH]: Detects use of weak or broken cryptographic algorithms for hashing passwords
or sensitive data.

**Weak algorithms detected:**
- **MD5**: Cryptographically broken, vulnerable to collision attacks
- **SHA1**: Deprecated, vulnerable to collision attacks
- **DES/3DES**: Weak block cipher with small key size
- **RC4**: Stream cipher with known vulnerabilities

**Impact:**
- Password hashes can be cracked using rainbow tables or brute force
- Data encrypted with weak algorithms can be decrypted by at
  - Remediation: Use bcrypt/argon2 for passwords, SHA-256+ for hashing, and AES-256-GCM for encryption.

```javascript
const bcrypt = require('bcrypt');
const hash = await bcrypt.hash(password, 12);
```

Learn more: https://shoulder.dev/learn/javascript/cwe-327/weak-crypto-algorithm

### Typescript (2 rules)

- **JWT Algorithm Confusion Attack** [HIGH]: Detects JWT verification without explicit algorithm specification, allowing "none" algorithm attacks that bypass authentication.
  - Remediation: Always specify allowed algorithms when verifying JWT tokens.
Example: jwt.verify(token, secret, { algorithms: ['RS256'] })
- **Use of Weak Cryptographic Algorithm** [HIGH]: Detects use of weak or broken cryptographic algorithms for hashing passwords
or sensitive data.

**Weak algorithms detected:**
- **MD5**: Cryptographically broken, vulnerable to collision attacks
- **SHA1**: Deprecated, vulnerable to collision attacks
- **DES/3DES**: Weak block cipher with small key size
- **RC4**: Stream cipher with known vulnerabilities

**Impact:**
- Password hashes can be cracked using rainbow tables or brute force
- Data encrypted with weak algorithms can be decrypted by at
  - Remediation: Use bcrypt/argon2 for passwords, SHA-256+ for hashing, and AES-256-GCM for encryption.

```javascript
const bcrypt = require('bcrypt');
const hash = await bcrypt.hash(password, 12);
```

Learn more: https://shoulder.dev/learn/javascript/cwe-327/weak-crypto-algorithm

### Go (1 rules)

- **Use of Weak Cryptographic Algorithm** [HIGH]: Uses MD5, SHA1, DES, or RC4 which are cryptographically broken.
  - Remediation: Replace weak cryptographic algorithms with secure alternatives:
- For passwords: use bcrypt, scrypt, or argon2
- For hashing: use SHA-256 or SHA-512
- For encryption: use AES-256-GCM or ChaCha20-Poly1305

### Python (1 rules)

- **Weak Cryptographic Algorithm** [MEDIUM]: Detects use of weak or deprecated cryptographic algorithms like MD5, SHA-1,
DES, or RC4. Use modern algorithms like SHA-256, SHA-3, AES, or ChaCha20.
  - Remediation: Use SHA-256/SHA-3 for hashing and AES for encryption.

```python
import hashlib
from Crypto.Cipher import AES
from Crypto.Random import get_random_bytes

# Secure hashing
hash_value = hashlib.sha256(data).hexdigest()

# Secure encryption
key = get_random_bytes(32)  # AES-256
cipher = AES.new(key, AES.MODE_GCM)
ciphertext, tag = cipher.encrypt_and_digest(data)
```

Learn more: https://shoulder.dev/learn/python/cwe-327/weak-crypto-algorithm