# Use of a Broken or Risky Cryptographic Algorithm (CWE-327)

The product uses a broken or risky cryptographic algorithm or protocol.

**Stack:** Go

- Prevalence: 高 頻繁に悪用される
- Impact: ハイ 3 件の重大度ハイのルール
- Prevention: 文書化済み 4 件の修正例

**OWASP:** Cryptographic Failures (A02:2021-Cryptographic Failures) - #2

## Description

Cryptographic algorithms are the backbone of modern information security. Using algorithms that have known weaknesses, such as MD5 or DES, can make it trivial for attackers to defeat the protection.

## Prevention

1 件の Shoulder 検出ルールに基づく Broken Cryptographic Algorithm の予防策。

### Go

Replace MD5/SHA1/DES/RC4 with bcrypt, SHA-256, or AES-GCM

## Warning Signs

- [HIGH] Weak cryptographic algorithm detected: ...

## Consequences

- アプリケーションデータの読み取り
- 保護メカニズムの回避

## Mitigations

- 対称暗号には AES-256 を使用する
- 非対称暗号には RSA-2048 以上または ECDSA を使用する
- ハッシュには SHA-256 または SHA-3 を使用する

## Detection

- Total rules: 4
- Languages: go, javascript, typescript, python

## Rules by Language

### Go (1 rules)

- **Use of Weak Cryptographic Algorithm** [HIGH]: Uses MD5, SHA1, DES, or RC4 which are cryptographically broken.
  - Remediation: Replace weak cryptographic algorithms with secure alternatives:
- For passwords: use bcrypt, scrypt, or argon2
- For hashing: use SHA-256 or SHA-512
- For encryption: use AES-256-GCM or ChaCha20-Poly1305