Weak Encryption Algorithm
ID |
swift.weak_encryption_algorithm |
Severity |
critical |
Resource |
Cryptography |
Language |
Swift |
Tags |
CWE:327, MASWE:0020, NIST.SP.800-53, OWASP:2021:A2, PCI-DSS:6.5.3, crypto |
Description
Weak encryption algorithm vulnerabilities occur when outdated or insufficiently secure cryptographic algorithms are used, potentially leading to data compromise.
Encryption algorithms like DES, Triple-DES and RC2 are nowadays too weak for cryptographic usage, in particular for ensuring information confidentiality.
Rationale
Encryption algorithms are crucial for ensuring the confidentiality of sensitive data during transmission and storage. However, some algorithms that were secure in the past are now considered vulnerable due to advances in computational power and cryptanalysis techniques.
Two examples are:
-
Triple-DES, now considered a modest improvement over the obsolete and broken DES. It is slower and shorter in key length compared to more secure algorithms.
-
IDEA (International Data Encryption Algorithm). While stronger than DES, IDEA has limited key length and is not as widely supported or vetted as AES for modern use cases.
Instead, more modern algorithms like AES should be used, with key length chosen according to the sensitivity of the date or the time in the future that the data needs to be protected.
Other considerations, such as the use of an appropriate cipher mode and, above all, proper key management, should also be taken into account when using encryption libraries.
Example of insecure encryption usage:
import Foundation
import CommonCrypto
func encryptDataWeakly(_ data: Data, key: Data, iv: Data) -> Data? {
var cryptData = Data(count: data.count + kCCBlockSizeDES)
var numBytesEncrypted: size_t = 0
let cryptStatus = data.withUnsafeBytes { dataBytes in
cryptData.withUnsafeMutableBytes { cryptBytes in
key.withUnsafeBytes { keyBytes in
iv.withUnsafeBytes { ivBytes in
// FLAW: Using DES, a broken encryption algorithm
CCCrypt(
CCOperation(kCCEncrypt),
CCAlgorithm(kCCAlgorithmDES), // FLAW
CCOptions(kCCOptionPKCS7Padding),
keyBytes.baseAddress, key.count,
ivBytes.baseAddress,
dataBytes.baseAddress, data.count,
cryptBytes.baseAddress, cryptData.count,
&numBytesEncrypted
)
}
}
}
}
guard cryptStatus == kCCSuccess else { return nil }
cryptData.count = numBytesEncrypted
return cryptData
}In this example, DES (Data Encryption Standard) is used to encrypt data. DES has been considered cryptographically broken since the late 1990s due to its small key size (56 bits), making it vulnerable to brute-force attacks.
Another common vulnerability with third-party libraries:
import CryptoSwift
func encryptWithRC4(_ plaintext: String, key: String) throws -> String {
let encrypted = try plaintext.encrypt(cipher: ARC4(key: key)) // FLAW: RC4 is broken
return encrypted.toHexString()
}Remediation
To enhance the security of your symmetric encryption practices in applications, adhere to the following recommendations:
1. Use AES: Adopt AES (Advanced Encryption Standard) as it offers strong encryption capabilities with flexible key lengths (128, 192, or 256 bits) and is widely accepted as a robust standard for secure encryption. Only go to other algorithms if necessary. Albeit there are other symmetric ciphers that could be used for special applications, AES is in general the best choice. Alternatives considered robust are ChaCha20-Poly1305, TwoFish, Serpent, or even ASCON for resource-constrained devices.
2. Proper Key Lengths and Modes: For AES, use key lengths of at least 128-bits, and prefer modes like GCM (Galois/Counter Mode) or at least CBC (Cipher Block Chaining) with adequate padding and initialization vectors to enhance security.
3. Up-to-date Libraries: Utilize well-maintained libraries to implement encryption, ensuring your code benefits from the latest security updates and best practices.
4. Regular Security Reviews: Continuously assess and update encryption practices to adapt to new cryptographic research and potential vulnerabilities in existing standards.
Secure implementation using CryptoKit with AES-GCM:
import Foundation
import CryptoKit
func encryptDataSecurely(_ data: Data) throws -> (ciphertext: Data, nonce: AES.GCM.Nonce, tag: Data) {
// Generate a secure 256-bit encryption key
let key = SymmetricKey(size: .bits256)
// Encrypt using AES-GCM (authenticated encryption)
let sealedBox = try AES.GCM.seal(data, using: key)
return (
ciphertext: sealedBox.ciphertext,
nonce: sealedBox.nonce,
tag: sealedBox.tag
)
}
func decryptDataSecurely(ciphertext: Data, nonce: AES.GCM.Nonce, tag: Data, key: SymmetricKey) throws -> Data {
let sealedBox = try AES.GCM.SealedBox(nonce: nonce, ciphertext: ciphertext, tag: tag)
return try AES.GCM.open(sealedBox, using: key)
}Or using ChaCha20-Poly1305 for environments where AES hardware acceleration is not available:
import Foundation
import CryptoKit
func encryptWithChaCha20(_ data: Data) throws -> (ciphertext: Data, nonce: ChaChaPoly.Nonce, tag: Data) {
let key = SymmetricKey(size: .bits256)
// ChaCha20-Poly1305 provides authenticated encryption
let sealedBox = try ChaChaPoly.seal(data, using: key)
return (
ciphertext: sealedBox.ciphertext,
nonce: sealedBox.nonce,
tag: sealedBox.tag
)
}By transitioning to AES-GCM or ChaCha20-Poly1305, these examples leverage modern cryptographic practices with authenticated encryption (AEAD) to ensure strong data confidentiality and integrity, protecting against emerging threats and vulnerabilities.
Configuration
The detector has the following configurable parameters:
-
allowedAlgorithms, that indicates the algorithms that are allowed to be used. Default: [AES, ChaCha20, Camellia] -
forbiddenAlgorithms, that indicates the algorithms that are considered weak and that should not be used. Default: [DES, TripleDES, 3DES, RC2, RC4, RC5, Blowfish, IDEA] -
checkObsolete, that indicates if obsolete algorithm implementations should be always reported. Default: true
References
-
CWE-327 : Use of a Broken or Risky Cryptographic Algorithm.
-
How to choose an Authenticated Encryption mode, for an overview on the different authenticated encryption modes.
-
OWASP - Top 10 2021 Category A02:2021 : Cryptographic Failures.
-
MASWE-0020: Improper Encryption.