Inadequate Encryption Strength
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-326: Inadequate Encryption Strength |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description#
The code generates DSA cryptographic keys with a size less than 2048 bits, which is considered too weak by modern security standards. This makes the keys easier to break using current computing power.
Impact#
Using weak DSA keys can allow attackers to crack the encryption, leading to exposure of sensitive data, impersonation, or unauthorized access. This undermines the security of your application and puts both user and organizational data at risk.