Insecure Use of Cryptography
Why is this important?
Cryptography is hard. And when it is used in an application, it's usually to make sure user data is secure in transit and at rest. Unfortunately, cryptographic libraries are not always easy to use and can even be insecure themselves. They require proper configuration and settings to ensure the data is safe.
Check out this video for a high-level explanation:
Fixing Insecure Use of Cryptography
Option A: Use Strong RSA Key Size
- Go through the issues that GuardRails identified in the PR.
- Identify the code that uses any of these imports:
Crypto.Cipher
Crypto.Hash
Crypto.IO
Crypto.Protocol
Crypto.PublicKey
Crypto.Random
Crypto.Signature
Crypto.Utilrsa.GenerateKey
Such as the example below:
from Crypto.PublicKey import DSA
...
DSA.generate_private_key(512, backends.default_backend())
and replace it with the according library from Pyca/Cryptography
from cryptography.hazmat.primitives.asymmetric import dsa
# And make sure the key size is at least 2048
private_key = dsa.generate_private_key(key_size=2048, backend=default_backend())
- Test it
- Ship it 🚢 and relax 🌴