Use of weak cryptographic key¶
ID: py/weak-crypto-key Kind: problem Severity: error Precision: high Tags: - security - external/cwe/cwe-326 Query suites: - python-code-scanning.qls - python-security-extended.qls - python-security-and-quality.qls
Modern encryption relies on it being computationally infeasible to break the cipher and decode a message without the key. As computational power increases, the ability to break ciphers grows and keys need to become larger.
The three main asymmetric key algorithms currently in use are Rivest–Shamir–Adleman (RSA) cryptography, Digital Signature Algorithm (DSA), and Elliptic-curve cryptography (ECC). With current technology, key sizes of 2048 bits for RSA and DSA, or 224 bits for ECC, are regarded as unbreakable.
Increase the key size to the recommended amount or larger. For RSA or DSA this is at least 2048 bits, for ECC this is at least 224 bits.