Usage of inadequate encryption strength
- Rule ID: go_gosec_crypto_weak_key_strength
- Languages: go
- Source: weak_key_strength.yml
Description
Your application generates RSA keys with a modulus shorter than the recommended 2048 bits. Keys under 2048 bits are vulnerable because the increasing power of modern computers could break the encryption by factoring the modulus.
Remediations
- Do generate RSA keys with a minimum of 2048 bits. This meets NIST recommendations and protects against the risk of keys being compromised by advances in computing power. Keys shorter than 2048 bits do not provide adequate protection against brute-force (factoring) attacks.
privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
- Do adhere to industry standards and guidelines for cryptographic practices to ensure the security of your data.
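As an added illustration (not part of the Bearer rule or of gosec), the Go below enforces the 2048-bit floor in one place at generation time and also audits a key that already exists, such as one loaded from PEM, by checking its modulus length. The names MinRSABits, ErrWeakRSAKey, GenerateRSAKey and CheckRSAKeyStrength are chosen here; the 1024-bit "legacy" key is constructed purely to show the check firing.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"errors"
	"fmt"
)

// MinRSABits is the smallest modulus accepted, matching the rule's 2048-bit floor.
const MinRSABits = 2048

// ErrWeakRSAKey is returned (wrapped) whenever a modulus is shorter than MinRSABits.
var ErrWeakRSAKey = errors.New("rsa: modulus shorter than 2048 bits")

// GenerateRSAKey wraps rsa.GenerateKey and refuses sizes the rule would flag,
// so the minimum is enforced centrally rather than at every call site.
func GenerateRSAKey(bits int) (*rsa.PrivateKey, error) {
	if bits < MinRSABits {
		return nil, fmt.Errorf("%w: requested %d bits", ErrWeakRSAKey, bits)
	}
	return rsa.GenerateKey(rand.Reader, bits)
}

// CheckRSAKeyStrength audits an existing key by its modulus bit length, which is
// what determines factoring resistance regardless of how the key was produced.
func CheckRSAKeyStrength(pub *rsa.PublicKey) error {
	if pub == nil || pub.N == nil {
		return errors.New("rsa: nil public key")
	}
	if bits := pub.N.BitLen(); bits < MinRSABits {
		return fmt.Errorf("%w: modulus is %d bits", ErrWeakRSAKey, bits)
	}
	return nil
}

func main() {
	// Constructed: a 1024-bit key made directly (bypassing the wrapper) stands in
	// for a legacy key found on disk; the audit helper should reject it.
	legacy, _ := rsa.GenerateKey(rand.Reader, 1024)
	fmt.Println("legacy key:", CheckRSAKeyStrength(&legacy.PublicKey))

	key, err := GenerateRSAKey(MinRSABits)
	if err != nil {
		panic(err)
	}
	fmt.Println("new key bits:", key.N.BitLen(), "audit:", CheckRSAKeyStrength(&key.PublicKey))
}
```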
Configuration
To skip this rule during a scan, use the following flag:
bearer scan /path/to/your-project/ --skip-rule=go_gosec_crypto_weak_key_strength
To run only this rule during a scan, use the following flag:
bearer scan /path/to/your-project/ --only-rule=go_gosec_crypto_weak_key_strength