Exploring CWE-326 Inadequate Encryption Strength
Introduction
The OWASP Top Ten list provides in-depth information about the most common security issues facing web applications. Number two on the list is A02:2021 – Cryptographic Failures, which covers a wide range of common mistakes.
When implementing cryptographic functionality in their code, developers may struggle to determine what cryptographic algorithms and settings are “good enough.” CWE-326 describes the use of inadequate encryption strength for protecting sensitive data.
Cryptographic Algorithms are Fragile
Cryptography is the best way to protect data confidentiality. A strong encryption algorithm, properly used, can’t be broken using known techniques and technology.
However, this protection can be fragile. The goal of a cryptographic algorithm is to render the encrypted data unreadable without knowledge of certain secret values.
This is accomplished via the use of various mathematical operations on the plaintext data, the encrypted key, and potentially other input parameters. The strength of the encryption depends on how well these mathematical functions randomize the encrypted data and the secret key and parameters used. With mathematical formulas, even a small change to the inputs can produce a very different answer, and, with cryptography, this can result in cryptography that is weaker than intended or provides no benefit whatsoever.
Why Cryptography Can Be Too Weak
Inadequate encryption strength covers a broad range of potential errors because encryption algorithms can be weakened in multiple different ways. Some of the common ways by which encryption strength may be rendered inadequate include:
- Weak/Broken Ciphers: Cryptographic algorithms are deprecated when a feasible attack is discovered that can break their encryption. The use of broken algorithms, such as DES, can place sensitive data within an application at risk.
- Inadequate Key Lengths: Any encryption algorithm can be broken via a brute-force search for its encryption key. If a cipher uses a secret key or password that is short enough that a brute force attack is possible, then it is inadequate to protect sensitive data.
- Incorrect Parameters: Encryption algorithms commonly use values that must be random or single use for their security. Violating these requirements can undermine the security of the encryption algorithm.
Case Study: Gnuboard5
CVE-2022-1252 describes a vulnerability in the gnuboard5 forum software. The code from the project’s GitHub repository contained an insecure encrypt function used to protect the anonymity of users’ email addresses on the forum.
The issue is that the code used the Vignere cipher to encrypt users’ email addresses. This cipher was invented in 1553 and has been broken since 1863. With knowledge of a single plaintext/ciphertext pair — such as the encryption of a user’s own email address — it is possible to extract the secret key and decrypt all other users’ email addresses.
Using Strong Cryptography
Avoiding the Inadequate Encryption Strength vulnerability boils down to using cryptographic algorithms properly. Numerous standards and other resources define which algorithms are secure (AES, etc.) and which are not (DES, Vignere, etc.,). These resources and library documentation should also define how the algorithms should be used, and which values need to be random, single use, etc.
Some best practices when implementing cryptography include:
- Use modern, standardized algorithms (AES, etc.)
- Use a trusted library implementation rather than writing encryption code yourself
- Review the documentation to understand requirements for various inputs
Up Next
To help build understanding of how cryptography can go wrong and how to fix it, we’ll continue to dive deep into prevention measures and most of the 29 CWEs related to OWASP’s A02:2021 – Cryptographic Failures vulnerability in a series of blogs. Each blog will describe the weakness, why it happens, a real-world case study, and recommended mitigations.
We’re very committed to improving the state of cryptography and data security by sharing knowledge and helping to correct common misconceptions about how cryptography works and how to use it properly. To keep up with this series and our other research and cryptography content, make sure to subscribe to our blog in the page footer below.