Claude-skill-registry crypto-audit

Audit cryptographic implementations for weak algorithms, insecure defaults, predictable randomness, key management issues, and timing attacks. Use when reviewing security-critical crypto code.

install
source · Clone the upstream repo
git clone https://github.com/majiayu000/claude-skill-registry
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/majiayu000/claude-skill-registry "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/data/crypto-audit" ~/.claude/skills/majiayu000-claude-skill-registry-crypto-audit && rm -rf "$T"
manifest: skills/data/crypto-audit/SKILL.md
source content

Cryptography Audit

Purpose

Identify cryptographic vulnerabilities including weak algorithms, insecure configurations, predictable randomness, improper key management, and timing side-channels.

Focus Areas

  • Weak Algorithms: MD5, SHA1, DES, RC4, ECB mode
  • Insecure Defaults: Short keys, no salt, weak IVs
  • Predictable Randomness: Math.random(), time-based seeds
  • Key Management: Hardcoded keys, keys in code
  • Timing Attacks: Non-constant-time comparisons
  • Protocol Issues: SSL/TLS misconfigurations

Dangerous Patterns

Weak Hash Functions (Passwords)

// VULNERABLE - MD5/SHA1 for passwords
let hash = md5::compute(password);
let hash = sha1::digest(password);

// SECURE - Use bcrypt/argon2/scrypt
let hash = bcrypt::hash(password, bcrypt::DEFAULT_COST)?;

Weak Encryption

from Crypto.Cipher import AES, DES, ARC4  # PyCryptodome

# VULNERABLE - DES, RC4, ECB mode
cipher = DES.new(key, DES.MODE_ECB)
cipher = ARC4.new(key)
cipher = AES.new(key, AES.MODE_ECB)  # ECB leaks patterns

# SECURE - AES-GCM or ChaCha20-Poly1305
cipher = AES.new(key, AES.MODE_GCM, nonce=nonce)

Predictable Randomness

const crypto = require('crypto'); // Node.js built-in module

// VULNERABLE - predictable
const token = Math.random().toString(36);
const id = Date.now();

// SECURE - cryptographic randomness
const token = crypto.randomBytes(32).toString('hex');

Non-Constant-Time Comparison

// VULNERABLE - timing attack
if password == storedHash {
    return true
}

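// SECURE - constant time (import "crypto/subtle")
// ConstantTimeCompare returns 0 immediately when the lengths differ,
// so compare fixed-length values such as digests or MACs.
if subtle.ConstantTimeCompare([]byte(password), []byte(storedHash)) == 1 {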
    return true
}

Output Format

findings:
  - title: "MD5 used for password hashing"
    severity: high
    attack_scenario: "Attacker cracks MD5 hashes using rainbow tables or GPU cracking"
    preconditions: "Access to password database (via SQLi, backup, breach)"
    reachability: internal_only
    impact: "Mass credential compromise"
    confidence: high
    cwe_id: "CWE-328"
    affected_assets:
      - "src/auth/password.rs:23"
    taint_path: "user.password -> md5::compute() -> db.store()"

Security Requirements by Use Case

Password Storage

Required: bcrypt, argon2, scrypt
Cost factor: >= 10 (bcrypt), memory >= 64MB (argon2)
Salt: Unique per password, >= 16 bytes

Data Encryption

Algorithm: AES-256-GCM, ChaCha20-Poly1305
Key size: >= 256 bits
IV/Nonce: Unique per encryption, never reused
Mode: AEAD (authenticated encryption)

Token Generation

Source: CSPRNG (crypto/rand, secrets module)
Length: >= 32 bytes (256 bits)
Format: hex or base64url

TLS Configuration

Minimum: TLS 1.2 (prefer 1.3)
Ciphers: AEAD only (GCM, ChaCha20)
Certificates: Valid chain, not expired
HSTS: Enabled with long max-age

Severity Guidelines

| Issue | Severity |
|---|---|
| MD5/SHA1 for passwords | High |
| No salt for passwords | High |
| DES/RC4 encryption | High |
| ECB mode | Medium-High |
| Math.random() for tokens | High |
| Timing attack on auth | Medium |
| TLS < 1.2 | Medium |
| Hardcoded crypto keys | Critical |
| Reused IV/nonce | High |
| Short key length (<128 bit) | High |
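
The following line-based scanner is an added example, not part of the skill or its upstream repository. It ties a few of the Dangerous Patterns to the severity table and emits findings using the field names shown under Output Format. The regexes, the confidence values, the lowercased severity strings and the `sample.txt` file name are assumptions made for illustration.

```python
import re

# (pattern, title, severity, confidence, cwe_id). Titles and severities follow the
# severity table, CWE IDs the page's list; regexes and confidence are assumptions.
# Math.random() gets medium confidence: a regex cannot tell if the value feeds a token.
RULES = [
    (re.compile(r"\b(md5|sha1)\b.*\bpassword\b", re.I),
     "MD5/SHA1 for passwords", "high", "high", "CWE-328"),
    (re.compile(r"\b(DES|ARC4)\.new\("), "DES/RC4 encryption", "high", "high", "CWE-327"),
    (re.compile(r"\bMODE_ECB\b"), "ECB mode", "medium-high", "high", "CWE-327"),
    (re.compile(r"\bMath\.random\(\)"), "Math.random() for tokens", "high", "medium", "CWE-330"),
]
COMMENT = re.compile(r"^\s*(//|#)")  # whole-line comments are not code

def scan(path, source):
    """Return findings, keyed with the page's field names, for one file's text."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        if COMMENT.match(line):
            continue
        for pattern, title, severity, confidence, cwe in RULES:
            if pattern.search(line):
                findings.append({"title": title, "severity": severity,
                                 "confidence": confidence, "cwe_id": cwe,
                                 "affected_assets": [f"{path}:{lineno}"]})
    return findings

def render(findings):
    """Emit findings in the layout shown under Output Format."""
    out = ["findings:"]
    for item in findings:
        out.append(f'  - title: "{item["title"]}"')
        out += [f"    {k}: {item[k]}" for k in ("severity", "confidence")]
        out.append(f'    cwe_id: "{item["cwe_id"]}"')
        out.append("    affected_assets:")
        out += [f'      - "{a}"' for a in item["affected_assets"]]
    return "\n".join(out)

# Constructed sample mixing the page's vulnerable and secure snippets.
SAMPLE = """\
// VULNERABLE - MD5/SHA1 for passwords
let hash = md5::compute(password);
let hash = bcrypt::hash(password, bcrypt::DEFAULT_COST)?;
cipher = DES.new(key, DES.MODE_ECB)
cipher = AES.new(key, AES.MODE_GCM, nonce=nonce)
const token = Math.random().toString(36);
const token = crypto.randomBytes(32).toString('hex');
"""
if __name__ == "__main__":
    print(render(scan("sample.txt", SAMPLE)))
```

Regex hits like these are triage leads only: fields such as attack_scenario, reachability and taint_path still need manual review before a finding is registered.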

KYCo Integration

Register cryptographic vulnerability findings:

1. Check Active Project

kyco project list

2. Register Finding

kyco finding create \
  --title "MD5 used for password hashing" \
  --project PROJECT_ID \
  --severity high \
  --cwe CWE-328 \
  --attack-scenario "Attacker cracks MD5 hashes using rainbow tables or GPU" \
  --impact "Mass credential compromise" \
  --assets "src/auth/password.rs:23"

Common CWE IDs for Crypto Issues

  • CWE-328: Reversible One-Way Hash (weak hash)
  • CWE-327: Use of Broken Crypto Algorithm
  • CWE-330: Insufficient Random Values
  • CWE-321: Hardcoded Cryptographic Key
  • CWE-326: Inadequate Encryption Strength
  • CWE-916: Password Hash Without Salt