Insecure Use of Cryptography

Why is this important?

Cryptography is hard. And when it is used in an application, it's usually to make sure user data is secure in transit and at rest. Unfortunately, cryptographic libraries are not always easy to use. They require proper configuration and settings to ensure the data is safe.

Check out this video for a high-level explanation:

Fixing Insecure Use of Cryptography

Option A: Use Strong RSA Key Size

Go through the issues that GuardRails identified in the PR.
Identify the code that uses rsa.GenerateKey:

  package main
  import (
      "crypto/rand"
      "crypto/rsa"
      "fmt"
  )
  func main() {
      // Generate Private Key
      // 1024 is a weak key size for RSA
      pvk, err := rsa.GenerateKey(rand.Reader, 1024)
      if err != nil {
          fmt.Println(err)
      }
      fmt.Println(pvk)
  }

and ensure the minimum acceptable key size of 2048 is used:

  // Ensure that the key size is at least 2048 bit
  pvk, err := rsa.GenerateKey(rand.Reader, 2048)

Test it
Ship it 🚢 and relax 🌴

More information:

OWASP Top 10 - A3 Sensitive Data Exposure
Cryptographic Storage Cheat Sheet
Common Weakness Enumeration (CWE-326)
Google Tink Library

GuardRails

General

C/C++

Elixir

Go

Java

Javascript/TypeScript

Kubernetes

PHP

Python

Ruby

Rust

Solidity

Terraform

Insecure Use of Cryptography

Why is this important?

Fixing Insecure Use of Cryptography

Option A: Use Strong RSA Key Size

More information: