# Use of a Broken or Risky Cryptographic Algorithm (CWE-327)

The product uses a broken or risky cryptographic algorithm or protocol.

**Stack:** Go

- Prevalence: Élevée Fréquemment exploitée
- Impact: Élevé 3 règles de sévérité élevée
- Prevention: Documentée 4 exemples de correctifs

**OWASP:** Cryptographic Failures (A02:2021-Cryptographic Failures) - #2

## Description

Cryptographic algorithms are the backbone of modern information security. Using algorithms that have known weaknesses, such as MD5 or DES, can make it trivial for attackers to defeat the protection.

## Prevention

Stratégies de prévention pour Broken Cryptographic Algorithm basées sur 1 règles de détection Shoulder.

### Go

Replace MD5/SHA1/DES/RC4 with bcrypt, SHA-256, or AES-GCM

## Warning Signs

- [HIGH] Weak cryptographic algorithm detected: ...

## Consequences

- Lecture des données de l'application
- Contourner le mécanisme de protection

## Mitigations

- Utilisez AES-256 pour le chiffrement symétrique
- Utilisez RSA-2048+ ou ECDSA pour le chiffrement asymétrique
- Utilisez SHA-256 ou SHA-3 pour le hachage

## Detection

- Total rules: 4
- Languages: go, javascript, typescript, python

## Rules by Language

### Go (1 rules)

- **Use of Weak Cryptographic Algorithm** [HIGH]: Uses MD5, SHA1, DES, or RC4 which are cryptographically broken.
  - Remediation: Replace weak cryptographic algorithms with secure alternatives:
- For passwords: use bcrypt, scrypt, or argon2
- For hashing: use SHA-256 or SHA-512
- For encryption: use AES-256-GCM or ChaCha20-Poly1305