Use of a weak cryptographic key¶

ID: js/insufficient-key-size
Kind: problem
Security severity: 7.5
Severity: warning
Precision: high
Tags:
   - security
   - external/cwe/cwe-326
Query suites:
   - javascript-code-scanning.qls
   - javascript-security-extended.qls
   - javascript-security-and-quality.qls

Click to see the query in the CodeQL repository

Modern encryption relies on it being computationally infeasible to break the cipher and decode a message without the key. As computational power increases, the ability to break ciphers grows and keys need to become larger.

Recommendation¶

An encryption key should be at least 2048-bit long when using RSA encryption, and 128-bit long when using symmetric encryption.

References¶

Wikipedia: RSA.
Wikipedia: AES.
NodeJS: Crypto.
NIST: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths.
Wikipedia: Key size
Common Weakness Enumeration: CWE-326.

© GitHub, Inc.
Terms
Privacy