保護DataHogo
Security Encyclopedia/Cryptography
mediumCWE-326A02:2021

Weak Key Size

Using cryptographic keys shorter than recommended minimums (RSA less than 2048 bits, AES less than 128 bits) makes encryption vulnerable to brute-force attacks with modern hardware.

How It Works

Cryptographic key size directly determines how resistant encryption is to brute-force attacks. RSA keys under 2048 bits can be factored with modern computing clusters — a 1024-bit RSA key was factored in 2010 and 768-bit keys are trivially breakable. For symmetric encryption, DES (56-bit keys) and 3DES (effective 112-bit) are deprecated. AES-128 is the minimum acceptable symmetric key size, with AES-256 recommended for long-term protection. As computing power increases and quantum computing advances, weak key sizes become exponentially more vulnerable. Keys that are secure today may be breakable tomorrow if undersized.

Vulnerable Code
const crypto = require('crypto');
// RSA key too small
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
  modulusLength: 1024
});
// AES key too small
const key = crypto.randomBytes(8); // 64-bit key
const cipher = crypto.createCipheriv('aes-128-gcm', key, iv);
Secure Code
const crypto = require('crypto');
// RSA with adequate key size
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
  modulusLength: 4096
});
// AES-256 with proper key size
const key = crypto.randomBytes(32); // 256-bit key
const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);

Real-World Example

In 2017, the ROCA vulnerability (CVE-2017-15361) affected RSA key generation in Infineon TPM chips used in government IDs and security tokens. Keys of 1024 and 2048 bits generated by these chips could be factored, compromising Estonian national ID cards and numerous corporate security tokens. The attack cost around $20,000 in cloud computing for 2048-bit keys.

How to Prevent It

  • Use RSA key sizes of at least 2048 bits, preferably 4096 bits
  • Use AES-256 (32-byte key) for symmetric encryption
  • Consider switching to elliptic curve cryptography (Ed25519) for better security with smaller keys
  • Audit existing key sizes and rotate any keys below recommended minimums

Affected Technologies

Node.jsPythonJavaGoC#

Data Hogo detects this vulnerability automatically.

Scan Your Repo Free

Related Vulnerabilities

ECB Mode

medium

Using ECB (Electronic Codebook) mode for encryption produces identical ciphertext blocks for identical plaintext blocks, revealing patterns in the encrypted data.

CWE-327A02:2021

Static IV/Nonce

high

Using a hardcoded or constant Initialization Vector (IV) or nonce for encryption defeats the purpose of the IV and allows attackers to detect patterns and decrypt data.

CWE-329A02:2021

Certificate Validation Disabled

critical

Disabling TLS certificate validation with NODE_TLS_REJECT_UNAUTHORIZED=0 or rejectUnauthorized: false allows man-in-the-middle attacks on all HTTPS connections.

CWE-295A07:2021

Weak PRNG for Security

high

Using Math.random() or Date.now() to generate tokens, session IDs, or reset codes produces predictable values that attackers can guess or reproduce.

CWE-338A02:2021