# Weak Cryptographic Key Generation

- ID: python-weak-key-generation
- Severity: HIGH
- CWE: CWE-326
- Languages: Python

## Description

Detects weak cryptographic key generation: insufficient key sizes, predictable keys, or weak algorithms. Cryptographic keys must be sufficiently long and generated with secure random sources.

## Remediation

Use RSA 2048+ bits or AES-256 with cryptographically secure key generation.

```python
from Crypto.PublicKey import RSA
from Crypto.Cipher import AES
from Crypto.Random import get_random_bytes

# RSA: minimum 2048-bit keys
rsa_key = RSA.generate(2048)

# AES-256: 32-byte key from secure source
aes_key = get_random_bytes(32)

data = b"example plaintext"  # placeholder plaintext to encrypt
cipher = AES.new(aes_key, AES.MODE_GCM)
ciphertext, tag = cipher.encrypt_and_digest(data)
# Store cipher.nonce alongside ciphertext and tag; all three are needed to decrypt
```

Learn more: https://shoulder.dev/learn/python/cwe-326/weak-key-generation

## Related Rules

- **JWT Signed with Weak Secret** [HIGH]:
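
An added example, not part of the original rule page and not the rule's actual implementation: a minimal `ast`-based check for two of the patterns named in the Description, RSA key sizes below 2048 bits and keys derived from the non-cryptographic `random` module. The function names, the `WEAK_RANDOM` list, the "variable name contains `key`" heuristic and the sample source are assumptions constructed for illustration.

```python
import ast

MIN_RSA_BITS = 2048  # threshold taken from the Remediation section
# Assumption: stdlib `random` functions treated as predictable key sources
WEAK_RANDOM = {"random", "randint", "randrange", "getrandbits", "randbytes", "choice"}

def dotted(node):
    """Return 'a.b.c' for a Name/Attribute chain, or '' for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return ""

def find_weak_keys(source):
    """Parse (never execute) source and return sorted (line, message) findings."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call) and dotted(node.func).split(".")[-2:] == ["RSA", "generate"]:
            # Size may be positional or bits=...; only literal sizes can be judged statically
            sizes = node.args[:1] + [k.value for k in node.keywords if k.arg == "bits"]
            for size in sizes:
                if (isinstance(size, ast.Constant) and isinstance(size.value, int)
                        and size.value < MIN_RSA_BITS):
                    findings.append((node.lineno, f"RSA key size {size.value} < {MIN_RSA_BITS}"))
        elif isinstance(node, ast.Assign):
            # Heuristic (assumption): a variable whose name contains "key" holds key material
            names = [t.id for t in node.targets if isinstance(t, ast.Name)]
            if not any("key" in n.lower() for n in names):
                continue
            for call in ast.walk(node.value):
                if isinstance(call, ast.Call):
                    mod, _, fn = dotted(call.func).rpartition(".")
                    if mod == "random" and fn in WEAK_RANDOM:
                        findings.append((node.lineno, f"key from non-cryptographic random.{fn}()"))
    return sorted(findings)

# Constructed sample input: lines 5 and 7 are weak, lines 6 and 8 are acceptable
SAMPLE = '''\
import random
from Crypto.PublicKey import RSA
from Crypto.Random import get_random_bytes

old_key = RSA.generate(1024)
good_key = RSA.generate(2048)
aes_key = bytes(random.getrandbits(8) for _ in range(32))
safe_key = get_random_bytes(32)
'''

if __name__ == "__main__":
    for line, message in find_weak_keys(SAMPLE):
        print(f"line {line}: {message}")
```

Key sizes passed through a variable or computed at runtime are not flagged by this sketch, since it only evaluates literal arguments.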