CWE - CWE-327: Use of a Broken or Risky Cryptographic Algorithm (1.7)

Home > CWE List > CWE- Individual Dictionary Definition (1.7)

CWE List
Full Dictionary View
Development View
Research View
Reports

About
Sources
Process
Documents

Community
Related Activities
Discussion List
Research
CWE/SANS Top 25
CWSS

News
Calendar
Free Newsletter

Compatibility
Program
Requirements
Declarations
Make a Declaration

Contact Us
Search the Site

CWE-327: Use of a Broken or Risky Cryptographic Algorithm

Use of a Broken or Risky Cryptographic Algorithm

Weakness ID: 327 (Weakness Base)

Status: Draft

Description

Description Summary

The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the disclosure of sensitive information.

Extended Description

The use of a non-standard algorithm is dangerous because a determined attacker may be able to break the algorithm and compromise whatever data has been protected. Well-known techniques may exist to break the algorithm.

Time of Introduction

Architecture and Design

Applicable Platforms

Languages

All

Common Consequences

Scope	Effect
Confidentiality	The confidentiality of sensitive data may be compromised by the use of a broken or risky cryptographic algorithm.
Integrity	The integrity of sensitive data may be compromised by the use of a broken or risky cryptographic algorithm.
Accountability	Any accountability to message content preserved by cryptography may be subject to attack.

Likelihood of Exploit

Medium to High

Demonstrative Examples

Example 1

These code examples use the Data Encryption Standard (DES). Once considered a strong algorithm, it is now regarded as insufficient for many applications. It has been replaced by Advanced Encryption Standard (AES).

(Bad Code)

Example Languages: C and C++

EVP_des_ecb();

(Bad Code)

Example Language: Java

Cipher des=Cipher.getInstance("DES...");

des.initEncrypt(key2);

Observed Examples

Reference	Description
CVE-2008-3775	Product uses "ROT-25" to obfuscate the password in the registry.
CVE-2007-4150	product only uses "XOR" to obfuscate sensitive data
CVE-2007-5460	product only uses "XOR" and a fixed key to obfuscate sensitive data
CVE-2005-4860	Product substitutes characters with other characters in a fixed way, and also leaves certain input characters unchanged.
CVE-2002-2058	Attackers can infer private IP addresses by dividing each octet by the MD5 hash of '20'.
CVE-2008-3188	Product uses DES when MD5 has been specified in the configuration, resulting in weaker-than-expected password hashes.
CVE-2005-2946	Default configuration of product uses MD5 instead of stronger algorithms that are available, simplifying forgery of certificates.
CVE-2007-6013	Product uses the hash of a hash for authentication, allowing attackers to gain privileges if they can obtain the original hash.

Potential Mitigations

Phase	Description
Architecture and Design	Do not develop your own cryptographic algorithms. They will likely be exposed to attacks that are well-understood by cryptographers. Reverse engineering techniques are mature. If your algorithm can be compromised if attackers find out how it works, then it is especially weak.
Architecture and Design	Use a well-vetted algorithm that is currently considered to be strong by experts in the field, and select well-tested implementations. For example, US government systems require FIPS 140-2 certification. As with all cryptographic mechanisms, the source code should be available for analysis. Periodically ensure that you aren't using obsolete cryptography. Some older algorithms, once thought to require a billion years of computing time, can now be broken in days or hours. This includes MD4, MD5, SHA1, DES, and other algorithms which were once regarded as strong.
Architecture and Design	Design your software so that you can replace one cryptographic algorithm with another. This will make it easier to upgrade to stronger algorithms.
Architecture and Design	Carefully manage and protect cryptographic keys (see CWE-320). If the keys can be guessed or stolen, then the strength of the cryptography itself is irrelevant.
Architecture and Design Implementation	Use languages, libraries, or frameworks that make it easier to use strong cryptography. Industry-standard implementations will save you development time and may be more likely to avoid errors that can occur during implementation of cryptographic algorithms. Consider the ESAPI Encryption feature.
Implementation Architecture and Design	When you use industry-approved techniques, you need to use them correctly. Don't cut corners by skipping resource-intensive steps (CWE-325). These steps are often essential for preventing common attacks.
Testing	Use tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session. These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules.

Background Details

Cryptographic algorithms are the methods by which data is scrambled. There are a small number of well-understood and heavily studied algorithms that should be used by most applications. It is quite difficult to produce a secure algorithm, and even high profile algorithms by accomplished cryptographic experts have been broken.

Since the state of cryptography advances so rapidly, it is common for an algorithm to be considered "unsafe" even if it was once thought to be strong. This can happen when new attacks against the algorithm are discovered, or if computing power increases so much that the cryptographic algorithm no longer provides the amount of protection that was originally thought.

Relationships

Nature	Type	ID	Name	View(s) this relationship pertains to
ChildOf	Category	310	Cryptographic Issues	Development Concepts (primary)699
PeerOf	Weakness Base	311	Failure to Encrypt Sensitive Data	Research Concepts1000
ChildOf	Weakness Class	693	Protection Mechanism Failure	Research Concepts (primary)1000
ChildOf	Category	729	OWASP Top Ten 2004 Category A8 - Insecure Storage	Weaknesses in OWASP Top Ten (2004) (primary)711
ChildOf	Category	753	Porous Defenses	Weaknesses in the 2009 CWE/SANS Top 25 Most Dangerous Programming Errors (primary)750
PeerOf	Weakness Variant	301	Reflection Attack in an Authentication Protocol	Research Concepts1000
ParentOf	Weakness Base	328	Reversible One-Way Hash	Research Concepts (primary)1000
ParentOf	Weakness Class	759	Use of a One-Way Hash without a Salt	Research Concepts (primary)1000
ParentOf	Weakness Class	760	Use of a One-Way Hash with a Predictable Salt	Research Concepts (primary)1000
ParentOf	Weakness Variant	780	Use of RSA Algorithm without OAEP	Research Concepts (primary)1000

Taxonomy Mappings

Mapped Taxonomy Name	Node ID	Fit	Mapped Node Name
CLASP			Using a broken or risky cryptographic algorithm
OWASP Top Ten 2004	A8	CWE More Specific	Insecure Storage

References

Bruce Schneier. "Applied Cryptography". John Wiley & Sons. 1996. <http://www.schneier.com/book-applied.html>.

Alfred J. Menezes, Paul C. van Oorschot and Scott A. Vanstone. "Handbook of Applied Cryptography". October 1996. <http://www.cacr.math.uwaterloo.ca/hac/>.

C Matthew Curtin. "Avoiding bogus encryption products: Snake Oil FAQ". 1998-04-10. <http://www.faqs.org/faqs/cryptography-faq/snake-oil/>.

[REF-1] Information Technology Laboratory, National Institute of Standards and Technology. "SECURITY REQUIREMENTS FOR CRYPTOGRAPHIC MODULES". 2001-05-25. <http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf>.

[REF-2] Paul F. Roberts. "Microsoft Scraps Old Encryption in New Code". 2005-09-15. <http://www.eweek.com/c/a/Security/Microsoft-Scraps-Old-Encryption-in-New-Code/>.

Maintenance Notes

Relationships between CWE-310, CWE-326, and CWE-327 and all their children need to be reviewed and reorganized.

Content History

Submissions
Submission Date	Submitter	Organization	Source
	CLASP		Externally Mined

Modifications
Modification Date	Modifier	Organization	Source
2008-08-15		Veracode	External
2008-08-15	Suggested OWASP Top Ten 2004 mapping
2008-09-08	CWE Content Team	MITRE	Internal
2008-09-08	updated Background Details, Common Consequences, Description, Relationships, Taxonomy Mappings
2009-01-12	CWE Content Team	MITRE	Internal
2009-01-12	updated Demonstrative Examples, Description, Observed Examples, Potential Mitigations, References, Relationships
2009-03-10	CWE Content Team	MITRE	Internal
2009-03-10	updated Potential Mitigations
2009-07-27	CWE Content Team	MITRE	Internal
2009-07-27	updated Maintenance Notes, Relationships
2009-10-29	CWE Content Team	MITRE	Internal
2009-10-29	updated Relationships
2009-12-28	CWE Content Team	MITRE	Internal
2009-12-28	updated References
Previous Entry Names
Change Date	Previous Entry Name
2008-04-11	Using a Broken or Risky Cryptographic Algorithm

Page Last Updated: December 28, 2009


	CWE is a Software Assurance strategic initiative sponsored by the National Cyber Security Division of the U.S. Department of Homeland Security. This Web site is hosted by The MITRE Corporation. Copyright 2010, The MITRE Corporation. CWE and the CWE logo are trademarks of The MITRE Corporation. Contact cwe@mitre.org for more information.	Privacy policy Terms of use Contact us