# Use of a Broken or Risky Cryptographic Algorithm (CWE-327)

The product uses a broken or risky cryptographic algorithm or protocol.

**Stack:** Go

- Prevalence: 高 频繁被利用
- Impact: 高 3 条严重级别为高的规则
- Prevention: 已记录 4 个修复示例

**OWASP:** Cryptographic Failures (A02:2021-Cryptographic Failures) - #2

## Description

Cryptographic algorithms are the backbone of modern information security. Using algorithms that have known weaknesses, such as MD5 or DES, can make it trivial for attackers to defeat the protection.

## Prevention

基于 1 条 Shoulder 检测规则的 Broken Cryptographic Algorithm 预防策略。

### Go

Replace MD5/SHA1/DES/RC4 with bcrypt, SHA-256, or AES-GCM

## Warning Signs

- [HIGH] Weak cryptographic algorithm detected: ...

## Consequences

- 读取应用程序数据
- 绕过保护机制

## Mitigations

- 对称加密使用 AES-256
- 非对称加密使用 RSA-2048 以上或 ECDSA
- 哈希使用 SHA-256 或 SHA-3

## Detection

- Total rules: 4
- Languages: go, javascript, typescript, python

## Rules by Language

### Go (1 rules)

- **Use of Weak Cryptographic Algorithm** [HIGH]: Uses MD5, SHA1, DES, or RC4 which are cryptographically broken.
  - Remediation: Replace weak cryptographic algorithms with secure alternatives:
- For passwords: use bcrypt, scrypt, or argon2
- For hashing: use SHA-256 or SHA-512
- For encryption: use AES-256-GCM or ChaCha20-Poly1305