Cryptography

Detects use of the RC4 stream cipher through the cryptography library's ARC4 algorithm, which has known keystream biases and is prohibited by RFC 7465.

Detects use of the RC4 stream cipher through PyCryptodome's ARC4 module, which has known keystream biases and is prohibited by RFC 7465.

Detects use of the Blowfish cipher through the cryptography library, which has a 64-bit block size making it vulnerable to Sweet32 birthday attacks after approximately 32GB of data.

Detects use of the Blowfish cipher through PyCryptodome, which has a 64-bit block size making it vulnerable to Sweet32 birthday attacks after approximately 32GB of data.

Detects use of the IDEA cipher through the cryptography library, which has a 64-bit block size making it vulnerable to Sweet32 birthday attacks and is deprecated in modern cryptographic standards.

Detects use of the RC2/ARC2 cipher through PyCryptodome, which has a weak key schedule and an effective key length that can be reduced to 40 bits by protocol negotiation, making it vulnerable to brute-force attacks.

Detects use of single DES through PyCryptodome, which has only a 56-bit key that has been publicly brute-forceable since 1999 and is disallowed by FIPS 46-3 (withdrawn 2005).

Detects use of Triple DES (3DES) through PyCryptodome, which has a 64-bit block size vulnerable to Sweet32 birthday attacks and was deprecated by NIST after 2023.

Detects use of the XOR cipher through PyCryptodome, which is not encryption -- it is a weak cipher that provides no real confidentiality. XOR encryption is trivially breakable regardless of key and should never be used for protecting sensitive data.

MD5 is cryptographically broken due to collision attacks since 2004. Use SHA-256 or SHA-3 instead.

SHA-1 was broken by the SHAttered collision attack in 2017 and is deprecated by NIST for all digital signature uses. Use SHA-256 or SHA-3 instead.

MD5 is cryptographically broken due to practical collision attacks since 2004. Use SHA-256 or SHA-3 via PyCryptodome instead.

MD4 has been completely broken since 1995 with full collisions computable in seconds. It has no legitimate security use. Use SHA-256 or SHA-3 instead.

MD2 is an obsolete 1989 algorithm with known preimage attacks, extremely poor performance, and no valid modern use case. Use SHA-256 or SHA-3 instead.

SHA-1 was broken by the SHAttered collision attack in 2017 and is deprecated by NIST for digital signatures. Use SHA-256 or SHA-3 via PyCryptodome instead.

RSA key size is less than 2048 bits. NIST minimum is 2048 bits; 3072+ recommended for new systems.

DSA key size is less than 2048 bits. NIST SP 800-131A requires 2048-bit minimum.

Audit all EC key generation calls — verify the curve is SECP256R1, SECP384R1, or stronger. Weak curves like SECP192R1 must not be used.

RSA key size is less than 3072 bits in PyCryptodome. Use RSA.generate(3072) or higher.

DSA key size is less than 2048 bits in PyCryptodome. Use DSA.generate(2048) or higher.

ECB mode is deterministic and leaks plaintext patterns. Use AES-GCM or AES-CTR+HMAC instead.

CBC/CTR/CFB/OFB mode detected — these modes provide confidentiality but NOT authentication. Verify HMAC is applied or migrate to GCM.

Audit all AES.new() calls — verify the cipher mode is MODE_GCM, MODE_EAX, MODE_SIV, or MODE_CCM. Unauthenticated modes (MODE_ECB, MODE_CBC without HMAC) must not be used.