> ## Documentation Index
> Fetch the complete documentation index at: https://docs.codeant.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Security

<AccordionGroup>
  <Accordion title="insecure-hash-algorithm-sha1">
    Detected SHA1 hash algorithm which is considered insecure. SHA1 is not collision resistant and is therefore not suitable as a cryptographic signature. Use SHA256 or SHA3 instead.<br />**Likelihood**: LOW<br />**Confidence**: MEDIUM<br />**CWE**: <br />- CWE-327: Use of a Broken or Risky Cryptographic Algorithm
    <br />**OWASP**: <br />- A03:2017 - Sensitive Data Exposure
    <br />- A02:2021 - Cryptographic Failures
  </Accordion>

  <Accordion title="insecure-hash-algorithm-md5">
    Detected MD5 hash algorithm which is considered insecure. MD5 is not collision resistant and is therefore not suitable as a cryptographic signature. Use SHA256 or SHA3 instead.<br />**Likelihood**: LOW<br />**Confidence**: MEDIUM<br />**CWE**: <br />- CWE-327: Use of a Broken or Risky Cryptographic Algorithm
    <br />**OWASP**: <br />- A03:2017 - Sensitive Data Exposure
    <br />- A02:2021 - Cryptographic Failures
  </Accordion>

  <Accordion title="insecure-cipher-algorithm-idea">
    IDEA (International Data Encryption Algorithm) is a block cipher created in 1991.  It is an optional component of the OpenPGP standard. This cipher is susceptible to attacks when using weak keys.  It is recommended that you do not use this cipher for new applications. Use a strong symmetric cipher such as EAS instead. With the `cryptography` package it is recommended to use `Fernet` which is a secure implementation of AES in CBC mode with a 128-bit key.  Alternatively, keep using the `Cipher` class from the hazmat primitives but use the AES algorithm instead.<br />**Likelihood**: MEDIUM<br />**Confidence**: MEDIUM<br />**CWE**: <br />- CWE-327: Use of a Broken or Risky Cryptographic Algorithm
    <br />**OWASP**: <br />- A03:2017 - Sensitive Data Exposure
    <br />- A02:2021 - Cryptographic Failures
  </Accordion>

  <Accordion title="insufficient-ec-key-size">
    Detected an insufficient curve size for EC. NIST recommends a key size of 224 or higher. For example, use 'ec.SECP256R1'.<br />**Likelihood**: MEDIUM<br />**Confidence**: MEDIUM<br />**CWE**: <br />- CWE-326: Inadequate Encryption Strength
    <br />**OWASP**: <br />- A03:2017 - Sensitive Data Exposure
    <br />- A02:2021 - Cryptographic Failures
  </Accordion>

  <Accordion title="crypto-mode-without-authentication">
    An encryption mode of operation is being used without proper message authentication. This can potentially result in the encrypted content to be decrypted by an attacker. Consider instead use an AEAD mode of operation like GCM. <br />**Likelihood**: LOW<br />**Confidence**: MEDIUM<br />**CWE**: <br />- CWE-327: Use of a Broken or Risky Cryptographic Algorithm
    <br />**OWASP**: <br />- A03:2017 - Sensitive Data Exposure
    <br />- A02:2021 - Cryptographic Failures
  </Accordion>

  <Accordion title="insecure-cipher-algorithm-blowfish">
    Blowfish is a block cipher developed by Bruce Schneier. It is known to be susceptible to attacks when using weak keys.  The author has recommended that users of Blowfish move to newer algorithms such as AES. With the `cryptography` package it is recommended to use `Fernet` which is a secure implementation of AES in CBC mode with a 128-bit key.  Alternatively, keep using the `Cipher` class from the hazmat primitives but use the AES algorithm instead.<br />**Likelihood**: MEDIUM<br />**Confidence**: MEDIUM<br />**CWE**: <br />- CWE-327: Use of a Broken or Risky Cryptographic Algorithm
    <br />**OWASP**: <br />- A03:2017 - Sensitive Data Exposure
    <br />- A02:2021 - Cryptographic Failures
  </Accordion>

  <Accordion title="empty-aes-key">
    Potential empty AES encryption key. Using an empty key in AES encryption can result in weak encryption and may allow attackers to easily decrypt sensitive data. Ensure that a strong, non-empty key is used for AES encryption.<br />**Likelihood**: MEDIUM<br />**Confidence**: MEDIUM<br />**CWE**: <br />- CWE-327: Use of a Broken or Risky Cryptographic Algorithm
    <br />- CWE-310: Cryptographic Issues
    <br />**OWASP**: <br />- A
    <br />- 6
    <br />- :
    <br />- 2
    <br />- 0
    <br />- 1
    <br />- 7
    <br />-\
    <br />- m
    <br />- i
    <br />- s
    <br />- c
    <br />- o
    <br />- n
    <br />- f
    <br />- i
    <br />- g
    <br />- u
    <br />- r
    <br />- a
    <br />- t
    <br />- i
    <br />- o
    <br />- n
  </Accordion>

  <Accordion title="insecure-cipher-algorithm-arc4">
    ARC4 (Alleged RC4) is a stream cipher with serious weaknesses in its initial stream output.  Its use is strongly discouraged. ARC4 does not use mode constructions. Use a strong symmetric cipher such as EAS instead. With the `cryptography` package it is recommended to use the `Fernet` which is a secure implementation of AES in CBC mode with a 128-bit key.  Alternatively, keep using the `Cipher` class from the hazmat primitives but use the AES algorithm instead.<br />**Likelihood**: MEDIUM<br />**Confidence**: MEDIUM<br />**CWE**: <br />- CWE-327: Use of a Broken or Risky Cryptographic Algorithm
    <br />**OWASP**: <br />- A03:2017 - Sensitive Data Exposure
    <br />- A02:2021 - Cryptographic Failures
  </Accordion>

  <Accordion title="insufficient-dsa-key-size">
    Detected an insufficient key size for DSA. NIST recommends a key size of 2048 or higher.<br />**Likelihood**: MEDIUM<br />**Confidence**: MEDIUM<br />**CWE**: <br />- CWE-326: Inadequate Encryption Strength
    <br />**OWASP**: <br />- A03:2017 - Sensitive Data Exposure
    <br />- A02:2021 - Cryptographic Failures
  </Accordion>

  <Accordion title="insufficient-rsa-key-size">
    Detected an insufficient key size for RSA. NIST recommends a key size of 2048 or higher.<br />**Likelihood**: MEDIUM<br />**Confidence**: MEDIUM<br />**CWE**: <br />- CWE-326: Inadequate Encryption Strength
    <br />**OWASP**: <br />- A03:2017 - Sensitive Data Exposure
    <br />- A02:2021 - Cryptographic Failures
  </Accordion>

  <Accordion title="insecure-cipher-mode-ecb">
    ECB (Electronic Code Book) is the simplest mode of operation for block ciphers.  Each block of data is encrypted in the same way.  This means identical plaintext blocks will always result in identical ciphertext blocks, which can leave significant patterns in the output. Use a different, cryptographically strong mode instead, such as GCM.<br />**Likelihood**: LOW<br />**Confidence**: MEDIUM<br />**CWE**: <br />- CWE-327: Use of a Broken or Risky Cryptographic Algorithm
    <br />**OWASP**: <br />- A03:2017 - Sensitive Data Exposure
    <br />- A02:2021 - Cryptographic Failures
  </Accordion>
</AccordionGroup>
