Weak encryption: Insufficient key size¶
ID: cs/insufficient-key-size Kind: problem Severity: warning Precision: high Tags: - security - external/cwe/cwe-326 Query suites: - csharp-code-scanning.qls - csharp-security-extended.qls - csharp-security-and-quality.qls
This rule finds uses of encryption algorithms with too small a key size. Encryption algorithms are vulnerable to brute force attack when too small a key size is used.
The key should be at least 2048-bit long when using RSA encryption, and 128-bit long when using symmetric encryption.