# Use of a Broken or Risky Cryptographic Algorithm (CWE-327)

The product uses a broken or risky cryptographic algorithm or protocol.

**Stack:** JavaScript

- Prevalence: 높음 자주 악용됨
- Impact: 높음 3개의 높은 심각도 규칙
- Prevention: 문서화됨 4개의 수정 예시

**OWASP:** Cryptographic Failures (A02:2021-Cryptographic Failures) - #2

## Description

Cryptographic algorithms are the backbone of modern information security. Using algorithms that have known weaknesses, such as MD5 or DES, can make it trivial for attackers to defeat the protection.

## Prevention

2개의 Shoulder 탐지 규칙을 기반으로 한 Broken Cryptographic Algorithm 예방 전략.

### JavaScript

Always specify allowed algorithms when verifying JWT tokens

Use SHA-256+ for hashing, AES-256-GCM for encryption, and bcrypt for passwords

## Warning Signs

- [HIGH] jwt.verify() without algorithm specification allows 'none' algorithm attack
- [HIGH] JWT verification without explicit algorithm specification, allowing "none" algorithm attacks that by
- [HIGH] use of weak or broken cryptographic algorithms for hashing passwords
or sensitive data

## Consequences

- 애플리케이션 데이터 읽기
- 보호 메커니즘 우회

## Mitigations

- 대칭 암호화에는 AES-256을 사용하세요
- 비대칭 암호화에는 RSA-2048 이상 또는 ECDSA를 사용하세요
- 해시 함수로 SHA-256 또는 SHA-3을 사용하세요

## Detection

- Total rules: 4
- Languages: go, javascript, typescript, python

## Rules by Language

### Javascript (2 rules)

- **JWT Algorithm Confusion Attack** [HIGH]: Detects JWT verification without explicit algorithm specification, allowing "none" algorithm attacks that bypass authentication.
  - Remediation: Always specify allowed algorithms when verifying JWT tokens.
Example: jwt.verify(token, secret, { algorithms: ['RS256'] })
- **Use of Weak Cryptographic Algorithm** [HIGH]: Detects use of weak or broken cryptographic algorithms for hashing passwords
or sensitive data.

**Weak algorithms detected:**
- **MD5**: Cryptographically broken, vulnerable to collision attacks
- **SHA1**: Deprecated, vulnerable to collision attacks
- **DES/3DES**: Weak block cipher with small key size
- **RC4**: Stream cipher with known vulnerabilities

**Impact:**
- Password hashes can be cracked using rainbow tables or brute force
- Data encrypted with weak algorithms can be decrypted by at
  - Remediation: Use bcrypt/argon2 for passwords, SHA-256+ for hashing, and AES-256-GCM for encryption.

```javascript
const bcrypt = require('bcrypt');
const hash = await bcrypt.hash(password, 12);
```

Learn more: https://shoulder.dev/learn/javascript/cwe-327/weak-crypto-algorithm

### Typescript (2 rules)

- **JWT Algorithm Confusion Attack** [HIGH]: Detects JWT verification without explicit algorithm specification, allowing "none" algorithm attacks that bypass authentication.
  - Remediation: Always specify allowed algorithms when verifying JWT tokens.
Example: jwt.verify(token, secret, { algorithms: ['RS256'] })
- **Use of Weak Cryptographic Algorithm** [HIGH]: Detects use of weak or broken cryptographic algorithms for hashing passwords
or sensitive data.

**Weak algorithms detected:**
- **MD5**: Cryptographically broken, vulnerable to collision attacks
- **SHA1**: Deprecated, vulnerable to collision attacks
- **DES/3DES**: Weak block cipher with small key size
- **RC4**: Stream cipher with known vulnerabilities

**Impact:**
- Password hashes can be cracked using rainbow tables or brute force
- Data encrypted with weak algorithms can be decrypted by at
  - Remediation: Use bcrypt/argon2 for passwords, SHA-256+ for hashing, and AES-256-GCM for encryption.

```javascript
const bcrypt = require('bcrypt');
const hash = await bcrypt.hash(password, 12);
```

Learn more: https://shoulder.dev/learn/javascript/cwe-327/weak-crypto-algorithm