# Use of a Broken or Risky Cryptographic Algorithm (CWE-327)

The product uses a broken or risky cryptographic algorithm or protocol.

**Stack:** Go

- Prevalence: Alta Frequentemente explorada
- Impact: Alto 3 regras de severidade alta
- Prevention: Documentada 4 exemplos de correção

**OWASP:** Cryptographic Failures (A02:2021-Cryptographic Failures) - #2

## Description

Cryptographic algorithms are the backbone of modern information security. Using algorithms that have known weaknesses, such as MD5 or DES, can make it trivial for attackers to defeat the protection.

## Prevention

Estratégias de prevenção para Broken Cryptographic Algorithm baseadas em 1 regras de detecção do Shoulder.

### Go

Replace MD5/SHA1/DES/RC4 with bcrypt, SHA-256, or AES-GCM

## Warning Signs

- [HIGH] Weak cryptographic algorithm detected: ...

## Consequences

- Ler dados da aplicação
- Burlar mecanismo de proteção

## Mitigations

- Use AES-256 para criptografia simétrica
- Use RSA-2048+ ou ECDSA para criptografia assimétrica
- Use SHA-256 ou SHA-3 para hash

## Detection

- Total rules: 4
- Languages: go, javascript, typescript, python

## Rules by Language

### Go (1 rules)

- **Use of Weak Cryptographic Algorithm** [HIGH]: Uses MD5, SHA1, DES, or RC4 which are cryptographically broken.
  - Remediation: Replace weak cryptographic algorithms with secure alternatives:
- For passwords: use bcrypt, scrypt, or argon2
- For hashing: use SHA-256 or SHA-512
- For encryption: use AES-256-GCM or ChaCha20-Poly1305