Usage of weak encryption algorithm (DSA)

• Rule ID: ruby_lang_weak_encryption_dsa
• Languages: ruby
• Source: weak_encryption_dsa.yml

Description

Using a weak encryption algorithm like 1024-bit DSA (Digital Signature Algorithm) compromises data security, making it vulnerable to breaches.

Remediations

• Do not use 1024-bit DSA for encryption. This algorithm is no longer considered secure.

  OpenSSL::PKey::DSA.new(1024) # unsafe

• Do use stronger, more secure algorithms such as bcrypt for encrypting data. bcrypt is designed to be a slow hashing algorithm, which makes it harder for attackers to decrypt.

  BCrypt::Password.create('iLOVEdogs123')

References

• BCrypt Explained

Associated CWE

• CWE-327: Use of a Broken or Risky Cryptographic Algorithm

OWASP Top 10

• A02:2021 - Cryptographic Failures

Configuration

To skip this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --skip-rule=ruby_lang_weak_encryption_dsa

To run only this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --only-rule=ruby_lang_weak_encryption_dsa