Insufficient Key Size

csharp.insufficient_key_size

Severity

high

Resource

Predictability

Language

CSharp

Description

Inadequate encryption strength due to insufficient key size.

Rationale

In cryptography, the strength of an encryption scheme is significantly driven by the size of the key. Insufficient key sizes can lead to vulnerabilities that render encrypted data susceptible to exposure through brute-force attacks.

In C#, a common mistake is using cryptographic keys with insufficient length in bits. For instance, RSA keys shorter than 1024 bits are generally considered weak for most usages, such as key wrapping and digital signature:

using System;
using System.Security.Cryptography;

public static (string publicKeyPem, string privateKeyPem) GenerateRsaKeyPairPem()
{
    // WULNERABLE - Weak key size for RSA, 1024 bits
    using (RSA rsa = RSA.Create(1024));
    // Export keys in PEM format
    string publicKeyPem = rsa.ExportRSAPublicKeyPem();
    string privateKeyPem = rsa.ExportRSAPrivateKeyPem();
    return (publicKeyPem, privateKeyPem);
}

In this example, calling SA.Create(1024) generates an RSA keypair with a length (RSA modulus) of 1024 bits, which is below the secure threshold for RSA keys.

Remediation

To remedy insufficient key size vulnerabilities, developers should adhere to well-established cryptographic standards and ensure that cryptographic keys are of adequate length. Here are some practical steps for Java:

Update your cryptographic algorithms and libraries: Always use up-to-date and secure libraries. Java’s built-in cryptographic libraries, or well-known libraries like Bouncy Castle, should be considered.
Choose adequate key sizes: For example, with AES, opt for a minimum of 128 bits, ideally 256 bits, for symmetric encryption keys.
Review and Refactor: Legacy systems often contain outdated encryption; perform a security review to identify areas where cryptography needs strengthening.
Stay Informed: Cryptographic standards evolve. Regularly consult NIST and similar organizations’ guidelines to ensure compliance with current best practices.

Through comprehensive auditing and adherence to these guidelines, an organization can significantly reduce the risk posed by insufficient cryptographic key sizes.

For the previous example, the following code should be used instead:

using System;
using System.Security.Cryptography;

public static (string publicKeyPem, string privateKeyPem) GenerateRsaKeyPairPem()
{
    // FIXED - 2048 bit key, the minimum threshold for RSA key length
    using (RSA rsa = RSA.Create(2048));
    // Export keys in PEM format
    string publicKeyPem = rsa.ExportRSAPublicKeyPem();
    string privateKeyPem = rsa.ExportRSAPrivateKeyPem();
    return (publicKeyPem, privateKeyPem);
}

Configuration

The rule has the following configurable parameters:

minKeySize, that indicates the minimum key size allowed for each algorithm.
allowedEllipticCurves, that indicates the elliptic curves allowed for ECDH or ECDSA schemes.

properties:
  minKeySize:
    - AES/128 # Advanced Encryption Standard, block cipher
    - CMAC/128 # Block Cipher Message Authentication Code
    - DiffieHellman/2048 # Diffie-Hellman key agreement
    - DSA/2048 # Digital Signature Standard (DSA)
    - ECDH/256 # Elliptic Curve Diffie-Hellman key agreement
    - ECDSA/256 # Elliptic Curve DSA
    - HMAC/128 # Hash-based Message Authentication Code
    - RSA/2048 # RSA

  # Elliptic curves allowed for ECDH or ECDSA schemes
  allowedEllipticCurves: [
    Curve1174, Curve25519, Curve41417,
    P-256, secp256r1, secp256k1,
    P-384, secp384r1,
    brainpoolP256t1, brainpoolP384t1
  ]

References

CWE-326 : Inadequate Encryption Strength.
http://www.keylength.com/