Use of a Broken or Risky Cryptographic Algorithm
- Rule ID: go_gosec_crypto_weak_crypto
- Languages: go
- Source: weak_crypto.yml
Description
The identified issue indicates the use of a cryptographic algorithm that is no longer considered secure by current standards. Such algorithms can compromise data confidentiality and integrity, leaving the data vulnerable to decryption and tampering by unauthorized parties.
Remediation
To ensure the security of the data, adhere to the following guidelines:
✅ Employ Strong Cryptographic Algorithms
Replace deprecated or weak algorithms with strong, modern alternatives such as AES (Advanced Encryption Standard) for encryption, and SHA-256 or higher for hashing.
✅ Keep Libraries Updated
Use the latest versions of cryptographic libraries, as they are more likely to default to secure algorithms and settings.
❌ Avoid Deprecated Algorithms
Do not use cryptographic algorithms that have been deprecated due to vulnerabilities, such as MD5, SHA-1, or DES.
❌ Do Not Reinvent Cryptography
Avoid custom cryptographic implementations as they are more susceptible to errors. Instead, rely on well-reviewed and tested standard cryptographic libraries.
Resources
Associated CWE
OWASP Top 10
Configuration
To skip this rule during a scan, use the following flag:
bearer scan /path/to/your-project/ --skip-rule=go_gosec_crypto_weak_crypto
To run only this rule during a scan, use the following flag:
bearer scan /path/to/your-project/ --only-rule=go_gosec_crypto_weak_crypto