CWE-327 — Use of a Broken or Risky Cryptographic Algorithm

The product uses a broken or risky cryptographic algorithm or protocol.

[object Object]

Confidentiality→Read Application Data
The confidentiality of sensitive data may be compromised by the use of a broken or risky cryptographic algorithm.
Integrity→Modify Application Data
The integrity of sensitive data may be compromised by the use of a broken or risky cryptographic algorithm.
Accountability,Non-Repudiation→Hide Activities
If the cryptographic algorithm is used to ensure the identity of the source of the data (such as digital signatures), then a broken algorithm will compromise this scheme and the source of the data cannot be proven.

Architecture and Design
[object Object]
Architecture and Design
Ensure that the design allows one cryptographic algorithm to be replaced with another in the next generation or version. Where possible, use wrappers to make the interfaces uniform. This will make it easier to upgrade to stronger algorithms. With hardware, design the product at the Intellectual Property (IP) level so that one cryptographic algorithm can be replaced with another in the next generat
Architecture and Design
Carefully manage and protect cryptographic keys (see CWE-320). If the keys can be guessed or stolen, then the strength of the cryptography itself is irrelevant.
Architecture and Design
[object Object]
Implementation,Architecture and Design
When using industry-approved techniques, use them correctly. Don't cut corners by skipping resource-intensive steps (CWE-325). These steps are often essential for preventing common attacks.

CWE-327Use of a Broken or Risky Cryptographic Algorithm