
Insecure Encryption Algorithm

What is Insecure Encryption Algorithm?

Insecure encryption occurs when an application uses encryption that can be broken or does not adequately defend against brute-force attacks. As a result, applications do not properly protect their sensitive data.

When can Insecure Encryption Algorithm affect my application?

Insecure encryption affects applications that use weak encryption. Examples include using the RSA algorithm with a small key size.

How do I know if/where my application has an Insecure Encryption Algorithm vulnerability?

Contrast Assess can detect uses of insecure encryption algorithms by monitoring which algorithms are used and the related key sizes.

How do I fix Insecure Encryption Algorithm?

Fixing insecure encryption algorithms requires development work to isolate the insecure algorithm. The most effective route is to locate the currently acceptable or strong version of the algorithm and use it going forward. Use the insecure algorithm only to validate and migrate existing data.

Example

If you use an insecure RSA implementation and need to decrypt data, use the insecure implementation to decrypt old data and then encrypt it using the stronger version.
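The migration described above, sketched in Go as an added example (not code from the original page or from Contrast). It assumes the weakness is a 1024-bit RSA key, that 2048 bits is the policy minimum, and that OAEP with SHA-256 is in use; the function names, key sizes and sample record are constructed for illustration.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

const minBits = 2048 // assumed policy threshold for this example

// encryptStrong refuses to protect new data with a key below the policy size.
func encryptStrong(pub *rsa.PublicKey, msg []byte) ([]byte, error) {
	if pub.N.BitLen() < minBits {
		return nil, errors.New("refusing to encrypt: RSA key below policy size")
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
}

// migrate uses the legacy key only to decrypt, then re-encrypts under the strong key.
func migrate(legacy *rsa.PrivateKey, strong *rsa.PublicKey, old []byte) ([]byte, error) {
	plain, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, legacy, old, nil)
	if err != nil {
		return nil, fmt.Errorf("legacy decrypt: %w", err)
	}
	return encryptStrong(strong, plain)
}

// demo runs the migration on constructed sample data and reports the outcome.
func demo() (recovered string, weakRejected bool, err error) {
	legacy, _ := rsa.GenerateKey(rand.Reader, 1024) // constructed weak legacy key
	strong, _ := rsa.GenerateKey(rand.Reader, 2048) // constructed replacement key
	if legacy == nil || strong == nil {
		return "", false, errors.New("key generation failed")
	}
	old, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, &legacy.PublicKey, []byte("account=1234"), nil)
	if err != nil {
		return "", false, err
	}
	_, weakErr := encryptStrong(&legacy.PublicKey, []byte("new record"))
	migrated, err := migrate(legacy, &strong.PublicKey, old)
	if err != nil {
		return "", false, err
	}
	plain, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, strong, migrated, nil)
	return string(plain), weakErr != nil, err
}
func main() { fmt.Println(demo()) }
```

Once every stored record has passed through `migrate`, the legacy private key can be retired so that nothing remains decryptable under the weak key.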

How do people attack Insecure Encryption Algorithm flaws?

Attackers cannot target encryption algorithms remotely. Many attackers will try gathering data from breaches in hopes of brute-forcing weak algorithms later.