# Use of a Broken or Risky Cryptographic Algorithm (CWE-327)

The product uses a broken or risky cryptographic algorithm or protocol.

**Stack:** Python

- Prevalence: उच्च बार-बार शोषित
- Impact: उच्च 3 उच्च गंभीरता वाले नियम
- Prevention: प्रलेखित 4 फिक्स उदाहरण

**OWASP:** Cryptographic Failures (A02:2021-Cryptographic Failures) - #2

## Description

Cryptographic algorithms are the backbone of modern information security. Using algorithms that have known weaknesses, such as MD5 or DES, can make it trivial for attackers to defeat the protection.

## Prevention

1 Shoulder डिटेक्शन नियमों पर आधारित Broken Cryptographic Algorithm के लिए रोकथाम रणनीतियाँ।

### Python

Replace MD5/SHA-1/DES/RC4 with SHA-256/SHA-3 for hashing and AES-GCM for encryption

## Warning Signs

- [MEDIUM] use of weak or deprecated cryptographic algorithms like MD5, SHA-1,
DES, or RC4

## Consequences

- एप्लिकेशन डेटा पढ़ना
- सुरक्षा तंत्र को बायपास करना

## Mitigations

- सममित एनक्रिप्शन के लिए AES-256 का उपयोग करें
- असममित एनक्रिप्शन के लिए RSA-2048+ या ECDSA का उपयोग करें
- हैशिंग के लिए SHA-256 या SHA-3 का उपयोग करें

## Detection

- Total rules: 4
- Languages: go, javascript, typescript, python

## Rules by Language

### Python (1 rules)

- **Weak Cryptographic Algorithm** [MEDIUM]: Detects use of weak or deprecated cryptographic algorithms like MD5, SHA-1,
DES, or RC4. Use modern algorithms like SHA-256, SHA-3, AES, or ChaCha20.
  - Remediation: Use SHA-256/SHA-3 for hashing and AES for encryption.

```python
import hashlib
from Crypto.Cipher import AES
from Crypto.Random import get_random_bytes

# Secure hashing
hash_value = hashlib.sha256(data).hexdigest()

# Secure encryption
key = get_random_bytes(32)  # AES-256
cipher = AES.new(key, AES.MODE_GCM)
ciphertext, tag = cipher.encrypt_and_digest(data)
```

Learn more: https://shoulder.dev/learn/python/cwe-327/weak-crypto-algorithm