Weakness reference
CWE-326

Inadequate Encryption Strength

01 Summary

This weakness occurs when software encrypts sensitive data using an encryption algorithm or key size that is too weak to resist modern attack methods. Even if encryption is implemented correctly, using outdated algorithms or short keys can allow attackers to decrypt data through brute force or cryptanalysis. The strength of encryption must match the sensitivity of what you're protecting and the realistic threat landscape.

02 How It Happens

Encryption strength is determined by the algorithm used and the key length. Older algorithms (like DES or MD5-based schemes) or short key sizes (like 40-bit or 56-bit keys) were once considered acceptable but are now computationally feasible to break. Developers sometimes choose weak encryption because it was the standard when code was written, because they misunderstand modern cryptographic requirements, or because they prioritize speed over security. Additionally, using encryption in an insecure mode (like ECB mode) or with weak key derivation can undermine even a theoretically strong algorithm.

03 Real-World Impact

If encryption is too weak, attackers with sufficient computational resources can decrypt sensitive data such as passwords, payment information, personal identifiers, or authentication tokens. This can lead to account takeover, identity theft, financial fraud, or exposure of confidential business information. The damage may not be immediate—data encrypted with weak schemes today can be decrypted years later as computing power increases, making this a long-term risk even for historical breaches.

04 Vulnerable & Fixed Patterns

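Vulnerable pattern (Python)
import hashlib
from Crypto.Cipher import DES
from Crypto.Util.Padding import pad

# Weak: DES is cryptographically broken
key = b'12345678'  # 8 bytes, only 56 effective key bits
cipher = DES.new(key, DES.MODE_ECB)
# Pad to the 8-byte DES block size so encrypt() accepts the 15-byte input
ciphertext = cipher.encrypt(pad(b'sensitive_data_', DES.block_size))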

# Weak: MD5 for password hashing
password = "user_password"
hashed = hashlib.md5(password.encode()).hexdigest()

Why it's vulnerable:
DES has a 56-bit key space that can be brute-forced in hours with modern hardware. MD5 is not a password hashing function and is vulnerable to rainbow tables and collision attacks. ECB mode leaks patterns in plaintext.

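Fixed pattern (Python)
from Crypto.Cipher import AES
from Crypto.Random import get_random_bytes
from Crypto.Util.Padding import pad
import bcrypt

# Strong: AES-256 with CBC mode and random IV
key = get_random_bytes(32)  # 256-bit key
iv = get_random_bytes(16)   # fresh IV per message; store it with the ciphertext
cipher = AES.new(key, AES.MODE_CBC, iv)
# CBC needs input padded to the 16-byte block size. CBC gives confidentiality
# only; authenticate the ciphertext separately or use GCM if integrity matters.
ciphertext = cipher.encrypt(pad(b'sensitive_data_', AES.block_size))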

# Strong: bcrypt for password hashing
password = "user_password"
hashed = bcrypt.hashpw(password.encode(), bcrypt.gensalt(rounds=12))

Vulnerable pattern (PHP)
<?php
// Weak: mcrypt with DES (deprecated)
$key = "12345678";
$plaintext = "sensitive_data_";
$ciphertext = mcrypt_encrypt(MCRYPT_DES, $key, $plaintext, MCRYPT_MODE_ECB);

// Weak: MD5 for password storage
$password = "user_password";
$hashed = md5($password);
?>

Why it's vulnerable:
DES is cryptographically broken and mcrypt is deprecated. MD5 is not suitable for password hashing and is vulnerable to precomputed attacks.

Fixed pattern (PHP)
<?php
// Strong: AES-256 with OpenSSL
$key = openssl_random_pseudo_bytes(32);  // 256-bit key
$iv = openssl_random_pseudo_bytes(16);
$plaintext = "sensitive_data_";
$ciphertext = openssl_encrypt($plaintext, 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv);

// Strong: bcrypt for password hashing
$password = "user_password";
$hashed = password_hash($password, PASSWORD_BCRYPT, ['cost' => 12]);
?>

05 Prevention Checklist

Use AES-256 or ChaCha20 for symmetric encryption; avoid DES, 3DES, and RC4.
Use CBC, CTR, or GCM modes; avoid ECB mode.
Generate cryptographic keys using a secure random source with at least 256 bits of entropy.
For password hashing, use bcrypt, scrypt, or Argon2 with appropriate cost/iteration parameters; never use MD5, SHA-1, or unsalted hashes.
Regularly audit dependencies and update cryptographic libraries when security patches are released.
Document the encryption scheme used for each data type and review it annually against current NIST or OWASP recommendations.

06 Signs You May Already Be Affected

Review your codebase for use of deprecated functions like mcrypt_*, md5() for passwords, or hardcoded short keys. Check configuration files and documentation for references to DES, 3DES, RC4, or MD5. If you have logs of encryption operations, verify that key lengths are at least 128 bits for symmetric encryption and that modern algorithms are in use.
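The code review described above can start with a pattern scan over source files. The following is an added example, not code from the original page: the rule IDs, the `scan` function and the sample input are constructed for illustration, and the 128-bit floor is the one stated in the paragraph above.

```python
import re

# Rule IDs are invented for this example; the patterns come from the page's
# own list: DES/3DES/RC4, mcrypt_*, ECB mode, MD5/SHA-1, short hardcoded keys.
RULES = [
    ("weak-cipher", re.compile(r"\b(?:DES3?|ARC4)\.new\s*\(|\bmcrypt_\w+\s*\(", re.I)),
    ("ecb-mode", re.compile(r"MODE_ECB\b|['\"][\w-]*-ecb['\"]", re.I)),
    # A hit needs triage: MD5/SHA-1 is only this weakness when it protects
    # passwords or other secrets, not when it is a plain checksum.
    ("weak-hash", re.compile(r"\b(?:md5|sha1)\s*\(", re.I)),
]
# A string literal assigned to a name ending in "key" (Python or PHP).
KEY_LITERAL = re.compile(r"\b\w*key\s*=\s*b?(['\"])([^'\"]*)\1", re.I)
MIN_KEY_BITS = 128  # floor stated in the text above


def scan(source):
    """Return (line_number, rule_id, detail) for every suspicious line."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for rule_id, pattern in RULES:
            match = pattern.search(line)
            if match:
                findings.append((lineno, rule_id, match.group(0)))
        key = KEY_LITERAL.search(line)
        if key:
            bits = 8 * len(key.group(2).encode())
            if bits < MIN_KEY_BITS:
                findings.append((lineno, "short-key", f"{bits}-bit literal"))
    return findings


# Constructed sample: lines 1-5 are from the vulnerable patterns above,
# lines 6-8 from the fixed ones and should produce no findings.
SAMPLE = """\
key = b'12345678'
cipher = DES.new(key, DES.MODE_ECB)
hashed = hashlib.md5(password.encode()).hexdigest()
$ciphertext = mcrypt_encrypt(MCRYPT_DES, $key, $plaintext, MCRYPT_MODE_ECB);
$hashed = md5($password);
cipher = AES.new(key, AES.MODE_CBC, iv)
$ciphertext = openssl_encrypt($plaintext, 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv);
key = get_random_bytes(32)
"""

if __name__ == "__main__":
    for lineno, rule_id, detail in scan(SAMPLE):
        print(f"line {lineno}: {rule_id}: {detail}")
```

The scan is line-based and heuristic, so treat each finding as a prompt for manual review; it will miss keys and algorithm names loaded from configuration at runtime.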

07 Related Recent Vulnerabilities