OpenSkillIndex← back to search
claude-codesecurity

Claude-skill-registry analyzing-crypto-weakness

Identifies weak cryptographic algorithms, hardcoded keys, and insecure key management practices in binary code. Use when analyzing encryption/decryption, authentication mechanisms, or reviewing cryptographic implementations.

install
source · Clone the upstream repo
git clone https://github.com/majiayu000/claude-skill-registry
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/majiayu000/claude-skill-registry "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/data/analyzing-crypto-weakness" ~/.claude/skills/majiayu000-claude-skill-registry-analyzing-crypto-weakness && rm -rf "$T"
manifest: skills/data/analyzing-crypto-weakness/SKILL.md
tags
#cryptography#binary-analysis#security-auditing#vulnerability-scanning#reverse-engineering#code-analysis
source content

Cryptographic Weakness Detection

Detection Workflow

  1. Identify cryptographic functions: Search for crypto-related function names, encryption/decryption operations, hash function usage
  2. Extract crypto parameters: Identify algorithms used, check key sizes and modes, examine IV/nonce handling
  3. Check for hardcoded secrets: Use 
    strings
    to find potential keys, search for common password/key patterns, analyze data sections for secrets
  4. Assess implementation security: Check for constant-time comparisons, verify proper padding, assess randomness of IVs/nonces

Key Patterns

  • Weak algorithms: DES, 3DES, RC4, MD5, SHA1, ECB mode, small key sizes (<128 bits)
  • Hardcoded secrets: passwords/passphrases, keys, IVs/nonces, magic numbers
  • Insecure key management: keys embedded in code, plaintext storage, weak RNG, reused IVs/nonces
  • Implementation issues: timing attacks, side-channel vulnerabilities, incorrect padding, missing authentication

Output Format

Report with: id, type, subtype, severity, confidence, location, algorithm, mode, key_size, issues, recommendation, cve_references, mitigation.

Severity Guidelines

  • CRITICAL: Hardcoded private keys or passwords
  • HIGH: Broken algorithms (DES, RC4) in security-critical code
  • MEDIUM: Weak algorithms in non-critical code
  • LOW: Minor crypto implementation issues

See Also

  • patterns.md
    - Detailed detection patterns and exploitation scenarios
  • examples.md
    - Example analysis cases and code samples
  • references.md
    - CWE references and mitigation strategies