Use of a weak cryptographic key
ID: go/weak-crypto-key
Kind: path-problem
Security severity: 7.5
Severity: error
Precision: high
Tags:
- security
- external/cwe/cwe-326
Query suites:
- go-code-scanning.qls
- go-security-extended.qls
- go-security-and-quality.qls
Generating an asymmetric key that is too short weakens every operation built on it. An attacker who can factor the modulus recovers the private key, which may result in sensitive data exposure, key leakage, broken authentication, insecure sessions, and spoofing attacks. This query flags calls to `rsa.GenerateKey` whose key size (whether a literal or a value that flows into the call) is below the recommended minimum.
Recommendation
Ensure that you use a strong key with a recommended bit size. For RSA the minimum size is 2048 bits; 1024-bit RSA has been disallowed by NIST SP 800-131A since 2013, and keys that are loaded from files or configuration should be checked against the same floor, not only keys generated in code.
Example
The following code generates an RSA key with an insufficient key size of 1024 bits.
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"fmt"
)

func main() {
	// Generate a private key. 1024 bits is below the 2048-bit minimum and is flagged.
	pvk, err := rsa.GenerateKey(rand.Reader, 1024)
	if err != nil {
		fmt.Println(err)
		return
	}
	fmt.Println(pvk)
}
In the corrected version below, the key size is set to 2048 bits.
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"fmt"
)

func main() {
	// Generate a private key with a 2048-bit modulus, the recommended minimum.
	pvk, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		fmt.Println(err)
		return
	}
	fmt.Println(pvk)
}
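The fix above only covers a literal key size at the call site. In practice the size often arrives from configuration, and weak keys already exist on disk or in certificates. The following added example (not from the query help or the CodeQL project) enforces the 2048-bit floor from the recommendation in both directions: a wrapper that refuses to generate a short key, and a check that rejects an existing key by inspecting the bit length of its modulus, applied when a PKIX PEM public key is loaded. `MinRSABits`, `NewRSAKey`, `CheckRSAPublicKey` and `ParseCheckedPEMPublicKey` are names chosen here; the 1024-bit key is constructed inside the program purely to demonstrate the rejection.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
)

// MinRSABits is the smallest RSA modulus size this program accepts
// (the NIST SP 800-131A floor that the query enforces).
const MinRSABits = 2048

// ErrWeakRSAKey is returned for any key whose modulus is shorter than MinRSABits.
var ErrWeakRSAKey = errors.New("rsa key is shorter than the 2048-bit minimum")

// NewRSAKey wraps rsa.GenerateKey and refuses sizes below the floor. Checking
// here matters when the size is a configuration value rather than a literal.
func NewRSAKey(bits int) (*rsa.PrivateKey, error) {
	if bits < MinRSABits {
		return nil, fmt.Errorf("refusing to generate %d-bit RSA key: %w", bits, ErrWeakRSAKey)
	}
	return rsa.GenerateKey(rand.Reader, bits)
}

// CheckRSAPublicKey audits a key that already exists (from a file, a
// certificate, or a peer). The bit length of the modulus N is the key size.
func CheckRSAPublicKey(pub *rsa.PublicKey) error {
	if pub == nil || pub.N == nil {
		return errors.New("nil rsa public key")
	}
	if pub.N.BitLen() < MinRSABits {
		return fmt.Errorf("%d-bit modulus: %w", pub.N.BitLen(), ErrWeakRSAKey)
	}
	return nil
}

// ParseCheckedPEMPublicKey parses a PKIX ("PUBLIC KEY") PEM block and applies
// the size check, so a weak key stored on disk is rejected at load time.
func ParseCheckedPEMPublicKey(pemData []byte) (*rsa.PublicKey, error) {
	block, _ := pem.Decode(pemData)
	if block == nil || block.Type != "PUBLIC KEY" {
		return nil, errors.New("no PUBLIC KEY PEM block found")
	}
	parsed, err := x509.ParsePKIXPublicKey(block.Bytes)
	if err != nil {
		return nil, err
	}
	pub, ok := parsed.(*rsa.PublicKey)
	if !ok {
		return nil, errors.New("PEM block does not contain an RSA key")
	}
	if err := CheckRSAPublicKey(pub); err != nil {
		return nil, err
	}
	return pub, nil
}

// encodePublicKeyPEM serialises a public key as a PKIX PEM block; used below
// to construct a weak on-disk key for the demonstration.
func encodePublicKeyPEM(pub *rsa.PublicKey) ([]byte, error) {
	der, err := x509.MarshalPKIXPublicKey(pub)
	if err != nil {
		return nil, err
	}
	return pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: der}), nil
}

func main() {
	// Size taken from a variable to mimic a configuration value.
	configuredBits := 1024
	if _, err := NewRSAKey(configuredBits); err != nil {
		fmt.Println("generation rejected:", err)
	}
	strong, err := NewRSAKey(2048)
	if err != nil {
		fmt.Println(err)
		return
	}
	fmt.Println("generated key, modulus bits:", strong.N.BitLen())

	// Constructed weak key: generated directly (as the vulnerable snippet on
	// this page does), written as PEM, then rejected by the checked loader.
	weak, err := rsa.GenerateKey(rand.Reader, 1024)
	if err != nil {
		fmt.Println(err)
		return
	}
	weakPEM, _ := encodePublicKeyPEM(&weak.PublicKey)
	if _, err := ParseCheckedPEMPublicKey(weakPEM); err != nil {
		fmt.Println("load rejected:", err)
	}
}
```

The wrapper is what CodeQL cannot see: when the size flows in from a file or flag, the query's path-problem result ends at `rsa.GenerateKey`, and the runtime check is the control that actually stops a weak key from being created. `errors.Is(err, ErrWeakRSAKey)` lets callers distinguish a policy rejection from a generation failure.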
References
Wikipedia: Cryptographically Strong Algorithms.
Wikipedia: Strong Cryptography Examples.
NIST, FIPS 140 Annex A: Approved Security Functions.
NIST, SP 800-131A: Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths.
Common Weakness Enumeration: CWE-326.