# Weak Cryptographic Algorithm

- ID: python-weak-crypto-algorithm
- Severity: MEDIUM
- CWE: Broken Cryptographic Algorithm (CWE-327)
- Languages: Python
- Frameworks: django, flask, fastapi

## Description

Detects use of weak or deprecated cryptographic algorithms like MD5, SHA-1, DES, or RC4. Use modern algorithms like SHA-256, SHA-3, AES, or ChaCha20.

## Remediation

Use SHA-256/SHA-3 for hashing and AES for encryption.

```python
import hashlib
from Crypto.Cipher import AES
from Crypto.Random import get_random_bytes

data = b"example payload"  # placeholder input; hashing and encryption operate on bytes

# Secure hashing
hash_value = hashlib.sha256(data).hexdigest()

# Secure encryption
key = get_random_bytes(32)  # AES-256
cipher = AES.new(key, AES.MODE_GCM)  # a random nonce is generated automatically
ciphertext, tag = cipher.encrypt_and_digest(data)
nonce = cipher.nonce  # store with ciphertext and tag; needed to decrypt and verify
```

Learn more: https://shoulder.dev/learn/python/cwe-327/weak-crypto-algorithm

## Related Rules

- **Use of Weak Cryptographic Algorithm** [HIGH]
- **JWT Algorithm Confusion Attack** [HIGH]
- **Use of Weak Cryptographic Algorithm** [HIGH]
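
The kind of check the Description describes, as an added example (not Shoulder's rule implementation and not code from this page): a small `ast`-based scanner that flags `hashlib` MD5/SHA-1 calls and PyCryptodome DES/RC4 imports, and skips calls marked `usedforsecurity=False`. The names `find_weak_crypto`, `WEAK_IMPORTS` and `SAMPLE` are assumptions introduced here.

```python
import ast

# Algorithms named by the rule: MD5, SHA-1, DES, RC4 (ARC4 is PyCryptodome's RC4 module).
WEAK_HASHES = {"md5", "sha1"}
WEAK_IMPORTS = {"hashlib": WEAK_HASHES, "Crypto.Cipher": {"DES", "ARC4"}}

def _non_security(call: ast.Call) -> bool:
    """True when the call passes usedforsecurity=False (Python 3.9+)."""
    return any(kw.arg == "usedforsecurity" and getattr(kw.value, "value", None) is False
               for kw in call.keywords)

def find_weak_crypto(source: str) -> list[tuple[int, str]]:
    """Return sorted (line, symbol) pairs for weak-algorithm uses in source."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.ImportFrom):
            # e.g. "from hashlib import md5" or "from Crypto.Cipher import DES"
            for alias in node.names:
                if alias.name in WEAK_IMPORTS.get(node.module, ()):
                    findings.append((node.lineno, f"{node.module}.{alias.name}"))
        elif isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute):
            func = node.func
            if not (isinstance(func.value, ast.Name) and func.value.id == "hashlib"):
                continue
            if _non_security(node):
                continue  # explicitly declared non-security use, e.g. cache keys
            if func.attr in WEAK_HASHES:
                findings.append((node.lineno, f"hashlib.{func.attr}"))
            elif func.attr == "new" and node.args:
                arg = node.args[0]  # algorithm name passed as a string literal
                if isinstance(arg, ast.Constant) and str(arg.value).lower() in WEAK_HASHES:
                    findings.append((node.lineno, f"hashlib.new({arg.value!r})"))
    return sorted(findings)

# Constructed sample input; it is parsed, never executed.
SAMPLE = """\
import hashlib
from Crypto.Cipher import DES, AES
digest = hashlib.md5(password).hexdigest()
etag = hashlib.md5(body, usedforsecurity=False).hexdigest()
legacy = hashlib.new("SHA1", token)
ok = hashlib.sha256(token).hexdigest()
"""

if __name__ == "__main__":
    for line, symbol in find_weak_crypto(SAMPLE):
        print(f"line {line}: {symbol}")
```

The scanner does not resolve aliases such as `import hashlib as h`, so an empty result is a lower bound on findings, not proof that no weak algorithm is used.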