Use of a Broken or Risky Cryptographic Algorithm

  • Rule ID: go_gosec_crypto_weak_crypto
  • Languages: go
  • Source: weak_crypto.yml


The issue identified indicates the use of a cryptographic algorithm that is no longer considered secure by current standards. Such algorithms can compromise data confidentiality and integrity, making it vulnerable to decryption and tampering by unauthorized parties.


To ensure the security of the data, adhere to the following guidelines:

✅ Employ Strong Cryptographic Algorithms

Replace deprecated or weak algorithms with strong, modern alternatives such as AES (Advanced Encryption Standard) for encryption, and SHA-256 or higher for hashing.

✅ Keep Libraries Updated

Use the latest versions of cryptographic libraries, as they are more likely to default to secure algorithms and settings.

❌ Avoid Deprecated Algorithms

Do not use cryptographic algorithms that have been deprecated due to vulnerabilities, such as MD5, SHA-1, or DES.

❌ Do Not Reinvent Cryptography

Avoid custom cryptographic implementations as they are more susceptible to errors. Instead, rely on well-reviewed and tested standard cryptographic libraries.


Associated CWE

OWASP Top 10


To skip this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --skip-rule=go_gosec_crypto_weak_crypto

To run only this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --only-rule=go_gosec_crypto_weak_crypto

Ready to take the next step? Learn more about Bearer Cloud.