Insecure Use of Cryptography

Why is this important?

Cryptography is hard. When it is used in an application, it is usually there to keep user data secure in transit and at rest. Unfortunately, cryptographic libraries are not always easy to use correctly: they require proper configuration and settings, such as adequate key sizes, before the data is actually safe.

Check out this video for a high-level explanation:

Insecure Cryptographic Storage

Fixing Insecure Use of Cryptography

Option A: Use Strong RSA Key Size

  1. Go through the issues that GuardRails identified in the PR.
  2. Identify the code that uses rsa.GenerateKey:

     package main

     import (
         "crypto/rand"
         "crypto/rsa"
         "fmt"
     )

     func main() {
         // Generate Private Key
         // 1024 is a weak key size for RSA
         pvk, err := rsa.GenerateKey(rand.Reader, 1024)
         if err != nil {
             fmt.Println(err)
             return // do not fall through and print a nil key
         }
         fmt.Println(pvk)
     }


    and ensure the minimum acceptable key size of 2048 is used:

     // Ensure that the key size is at least 2048 bit
     pvk, err := rsa.GenerateKey(rand.Reader, 2048)

  3. Test it

  4. Ship it 🚢 and relax 🌴
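As an added example (not GuardRails' or the page's own code), the following Go program applies the same rule in two places the scanner cannot enforce on its own: it wraps rsa.GenerateKey so any request below 2048 bits is refused at the call site, and it checks the modulus size of a PEM-encoded public key loaded at runtime, e.g. from config or disk. The function names and the MinRSABits constant are assumptions for this example.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"encoding/pem"
	"fmt"
)

// MinRSABits is the smallest RSA modulus the application accepts
// (assumed policy constant matching the 2048-bit minimum above).
const MinRSABits = 2048

// GenerateRSAKey wraps rsa.GenerateKey and rejects weak sizes before
// any key material is produced, so a legacy or mis-typed size cannot
// silently yield a weak key.
func GenerateRSAKey(bits int) (*rsa.PrivateKey, error) {
	if bits < MinRSABits {
		return nil, fmt.Errorf("rsa key size %d below minimum %d", bits, MinRSABits)
	}
	return rsa.GenerateKey(rand.Reader, bits)
}

// CheckRSAPublicKeyPEM parses a PEM "PUBLIC KEY" (PKIX/SPKI) block and
// returns the modulus size in bits. It errors if the input is not PEM,
// not an RSA key, or an RSA key smaller than MinRSABits. Use it to audit
// keys loaded at runtime, which static scanning never sees.
func CheckRSAPublicKeyPEM(pemData []byte) (int, error) {
	block, _ := pem.Decode(pemData)
	if block == nil || block.Type != "PUBLIC KEY" {
		return 0, fmt.Errorf("expected a PEM \"PUBLIC KEY\" block")
	}
	parsed, err := x509.ParsePKIXPublicKey(block.Bytes)
	if err != nil {
		return 0, err
	}
	pub, ok := parsed.(*rsa.PublicKey)
	if !ok {
		return 0, fmt.Errorf("not an RSA public key: %T", parsed)
	}
	bits := pub.N.BitLen()
	if bits < MinRSABits {
		return bits, fmt.Errorf("rsa key size %d below minimum %d", bits, MinRSABits)
	}
	return bits, nil
}
```

Calling GenerateRSAKey(1024) returns an error instead of a key, while a 2048-bit key passes both the generation wrapper and the PEM check.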

More information: