Weakness reference
CWE-327

Use of a Broken or Risky Cryptographic Algorithm

01 Summary

This weakness occurs when software relies on cryptographic algorithms that are mathematically broken, computationally weak, or otherwise unsuitable for protecting sensitive data. Examples include MD5, SHA-1, DES, and RC4. Even if implemented correctly, these algorithms can be defeated by modern attackers, leaving data exposed despite the appearance of encryption.

02 How It Happens

Developers often choose cryptographic algorithms based on familiarity, legacy code, or outdated documentation rather than current security standards. A broken algorithm may have known mathematical weaknesses (like MD5 collision attacks), insufficient key space (like DES's 56-bit keys), or practical vulnerabilities discovered after deployment. The code may be syntactically correct and follow the algorithm's specification perfectly, but the algorithm itself is fundamentally unsuitable for its intended purpose. Over time, computational power and cryptanalysis advance, rendering previously acceptable choices insecure.

03 Real-World Impact

Use of weak cryptography undermines the entire security model of an application. Attackers can forge authentication tokens, decrypt stored passwords, impersonate users, or tamper with data in transit. Password hashes using MD5 or SHA-1 can be cracked in minutes using commodity hardware. Encrypted data protected by DES or RC4 can be decrypted without the key. The damage is often invisible until a breach occurs, because the application continues to function normally.

04 Vulnerable & Fixed Patterns

Vulnerable pattern
import hashlib
import base64

def hash_password(password):
    # MD5 is cryptographically broken
    hash_obj = hashlib.md5(password.encode())
    return base64.b64encode(hash_obj.digest()).decode()

def store_user(username, password):
    hashed = hash_password(password)
    # Store hashed password in database
    return hashed

Why it's vulnerable:
MD5 is known to have collision vulnerabilities and is unsuitable for password hashing. Attackers can precompute MD5 hashes of common passwords and match them against stolen hashes in seconds.

Fixed pattern
import bcrypt

def hash_password(password):
    # bcrypt (or scrypt/Argon2) is a slow, salted hash designed for passwords;
    # rounds=12 is the configurable work factor
    salt = bcrypt.gensalt(rounds=12)
    hashed = bcrypt.hashpw(password.encode(), salt)
    return hashed.decode()

def store_user(username, password):
    hashed = hash_password(password)
    # Store hashed password in database
    return hashed

Vulnerable pattern
<?php
function hash_password($password) {
    // SHA-1 is cryptographically broken
    return sha1($password);
}

function authenticate_user($username, $password) {
    $stored_hash = get_user_hash($username);
    $input_hash = hash_password($password);
    return $stored_hash === $input_hash;
}
?>

Why it's vulnerable:
SHA-1 has known collision attacks and is unsuitable for password hashing. Modern GPU clusters can crack SHA-1 hashes of common passwords in minutes.

Fixed pattern
<?php
function hash_password($password) {
    // Use password_hash() with bcrypt (default in PHP 5.5+)
    return password_hash($password, PASSWORD_BCRYPT, ['cost' => 12]);
}

function authenticate_user($username, $password) {
    $stored_hash = get_user_hash($username);
    // password_verify() reads the salt and cost from the stored hash and
    // compares in constant time; check the $password argument, not $_POST directly
    return password_verify($password, $stored_hash);
}
?>

05 Prevention Checklist

Use only NIST-approved or industry-standard algorithms: AES for encryption, SHA-256 or SHA-3 for hashing, bcrypt/scrypt/Argon2 for password hashing.
Audit all cryptographic code in your application and replace MD5, SHA-1, DES, RC4, and other deprecated algorithms.
Use your language's built-in cryptographic libraries (e.g., hashlib, secrets in Python; password_hash(), openssl_* in PHP) rather than implementing custom crypto.
For password storage, never use general-purpose hash functions; use dedicated password hashing functions with configurable work factors.
Keep cryptographic libraries and dependencies up to date; subscribe to security advisories for your chosen algorithms.
Document which algorithms are used for each purpose (encryption, hashing, signing) and review them annually against current NIST or OWASP guidance.
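The fixed patterns in section 04 and the checklist item on dedicated password hashing with a configurable work factor, worked through end to end. This is an added example, not code from the reference page: it uses the standard library's PBKDF2-HMAC-SHA256 as the slow, salted password hash because it needs no third-party package, where bcrypt, scrypt or Argon2 (as the page recommends) are equally valid choices. The storage format, the DEFAULT_ITERATIONS value and the function names are assumptions of this example, not a standard.

```python
import base64
import hashlib
import hmac
import os

# Work factor: the knob you raise over time as hardware gets faster.
# Assumed example value; tune it by timing hash_password() on your servers.
DEFAULT_ITERATIONS = 600_000
SALT_BYTES = 16
ALGORITHM = "pbkdf2_sha256"   # label stored with each hash so it can be migrated later


def hash_password(password: str, iterations: int = DEFAULT_ITERATIONS) -> str:
    """Return a self-describing record: algorithm$iterations$salt$digest.

    A fresh random salt per password defeats precomputed tables, and the
    iteration count makes every guess expensive for whoever steals the table.
    """
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "$".join([
        ALGORITHM,
        str(iterations),
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    ])


def _parse(stored: str):
    """Split a stored record back into (iterations, salt, digest)."""
    algorithm, iterations, salt_b64, digest_b64 = stored.split("$")
    if algorithm != ALGORITHM:
        raise ValueError(f"unsupported hash format: {algorithm}")
    return int(iterations), base64.b64decode(salt_b64), base64.b64decode(digest_b64)


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    iterations, salt, expected = _parse(stored)
    actual = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                                 iterations, dklen=len(expected))
    # hmac.compare_digest does not stop at the first differing byte, unlike ==
    # (or PHP's ===), so response time does not leak how much of the hash matched.
    return hmac.compare_digest(actual, expected)


def needs_rehash(stored: str, iterations: int = DEFAULT_ITERATIONS) -> bool:
    """True when the record was made with a weaker work factor than current policy."""
    stored_iterations, _, _ = _parse(stored)
    return stored_iterations < iterations


def login(password: str, stored: str, iterations: int = DEFAULT_ITERATIONS):
    """Verify, and if the record is below policy, return an upgraded record.

    Returns (ok, new_record): new_record is None unless the caller should
    overwrite the stored value. Login is the only moment the plaintext is
    available, so it is the only place a transparent upgrade can happen.
    """
    if not verify_password(password, stored):
        return False, None
    if needs_rehash(stored, iterations):
        return True, hash_password(password, iterations)
    return True, None


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)
    print(login("correct horse battery staple", record))
    print(login("wrong guess", record))
```

The self-describing record is what makes the "review annually" item in the checklist actionable: raising DEFAULT_ITERATIONS (or switching ALGORITHM) does not invalidate existing rows, because each row carries the parameters it was made with and login() upgrades it the next time the user authenticates.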

06 Signs You May Already Be Affected

Review your codebase for calls to md5(), sha1(), crypt() without a salt, or encryption using DES, RC4, or Blowfish. Check your password storage mechanism: if hashes are short (32 or 40 characters) and all the same length, they are likely MD5 or SHA-1. Examine your TLS/SSL configuration: if it supports SSLv3, TLS 1.0, or cipher suites using RC4 or DES, upgrade immediately.
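The three checks this section describes (weak calls in source, the shape of stored hashes, and legacy TLS settings) as one small audit script. This is an added example and not part of the reference page; the regular expressions, verdict strings and sample inputs are constructed for illustration, and classifying a hash by its string shape is a heuristic that should be confirmed against the code that wrote the column.

```python
import hashlib
import re
from collections import Counter

# --- 1. Shape of stored password hashes -----------------------------------
# Bare fixed-length hex with no salt or parameter prefix is the signature of
# an unsalted general-purpose hash. The "$name$" prefixes are the usual
# modular-crypt-format identifiers emitted by bcrypt/argon2/scrypt libraries.
def classify_hash(value: str) -> str:
    v = value.strip()
    if v.startswith(("$2a$", "$2b$", "$2y$")):
        return "bcrypt (ok)"
    if v.startswith(("$argon2id$", "$argon2i$", "$argon2d$")):
        return "argon2 (ok)"
    if v.startswith(("$scrypt$", "$pbkdf2", "pbkdf2_sha256$")):
        return "scrypt/pbkdf2 (ok, check work factor)"
    if v.startswith("$1$"):
        return "md5-crypt (weak)"
    if re.fullmatch(r"[0-9a-fA-F]{32}", v):
        return "likely unsalted MD5 (weak)"
    if re.fullmatch(r"[0-9a-fA-F]{40}", v):
        return "likely unsalted SHA-1 (weak)"
    if re.fullmatch(r"[0-9a-fA-F]{64}", v):
        return "likely unsalted SHA-256 (fast hash, unsuitable for passwords)"
    if re.fullmatch(r"[./0-9A-Za-z]{13}", v):
        return "likely traditional DES crypt(3) (weak)"
    return "unknown"


def audit_hash_column(values):
    """Tally verdicts over a dump of the password column."""
    return Counter(classify_hash(v) for v in values)


# --- 2. Weak calls in source -----------------------------------------------
WEAK_CALL_PATTERNS = {
    "md5": re.compile(r"""\bmd5\s*\(|hashlib\.md5\b|["']md5["']"""),
    "sha1": re.compile(r"""\bsha1\s*\(|hashlib\.sha1\b|["']sha1["']"""),
    # crypt( ... ) with exactly one argument, i.e. no salt supplied
    "crypt-no-salt": re.compile(r"\bcrypt\s*\(\s*[^,()]+\s*\)"),
    # DES/RC4/Blowfish as whole tokens: MCRYPT_DES and DES-CBC-SHA hit,
    # "describes" and "codes" do not
    "des/rc4/blowfish": re.compile(r"(?<![A-Za-z0-9])(?:des|rc4|blowfish)(?![A-Za-z0-9])",
                                   re.IGNORECASE),
}


def scan_source(text: str):
    """Return [(line_number, pattern_name), ...] for every flagged line."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for name, pattern in WEAK_CALL_PATTERNS.items():
            if pattern.search(line):
                hits.append((lineno, name))
    return hits


# --- 3. TLS configuration --------------------------------------------------
LEGACY_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.0"}
WEAK_SUITE = re.compile(r"RC4|(?<![A-Z0-9])DES(?![A-Z0-9])|NULL|EXPORT")


def check_tls(protocols, cipher_suites):
    """List findings for enabled protocol versions and OpenSSL-style suite names."""
    findings = [f"legacy protocol enabled: {p}" for p in protocols if p in LEGACY_PROTOCOLS]
    findings += [f"weak cipher suite: {c}" for c in cipher_suites if WEAK_SUITE.search(c)]
    return findings


# Constructed sample inputs (not real data): MD5 and SHA-1 of the word "password"
# (usedforsecurity=False marks them as test fixtures, not protection), a bcrypt-
# and an argon2-shaped record, and a 13-character crypt(3)-style string.
SAMPLE_HASHES = [
    hashlib.md5(b"password", usedforsecurity=False).hexdigest(),
    hashlib.sha1(b"password", usedforsecurity=False).hexdigest(),
    "$2b$12$" + "C" * 53,
    "$argon2id$v=19$m=65536,t=3,p=4$c2FsdA$aGFzaA",
    "ab/CdEfGhIjKl",
]
SAMPLE_SOURCE = """\
import hashlib
def legacy_hash(p): return hashlib.md5(p.encode()).hexdigest()
$h = sha1($password);
$h = crypt($password);
$h = password_hash($password, PASSWORD_BCRYPT, ['cost' => 12]);
$c = mcrypt_encrypt(MCRYPT_DES, $key, $data, MCRYPT_MODE_ECB);
# this comment describes the design of the codes, nothing flagged
"""

if __name__ == "__main__":
    print(audit_hash_column(SAMPLE_HASHES))
    print(scan_source(SAMPLE_SOURCE))
    print(check_tls(["TLSv1.2", "SSLv3"], ["ECDHE-RSA-AES128-GCM-SHA256", "RC4-SHA"]))
```

Run audit_hash_column() over an export of the password column: a single verdict across every row is the "all the same length" sign the text mentions, and any count under a "(weak)" verdict means those users need a transparent rehash at next login rather than a one-off migration, since the plaintext is not available offline.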

07 Related Recent Vulnerabilities