Information disclosure due to insufficient RSA key size in PyCryptodome

High Risk Cryptographic Vulnerabilities
pythoncryptographypycryptodomersakey-sizeinformation-disclosure

What it is

Using RSA keys with insufficient bit length exposes applications to cryptographic attacks that can lead to key compromise and information disclosure. RSA keys shorter than 2048 bits are considered weak, and even 2048-bit keys are approaching the end of their recommended lifespan. Current NIST guidelines recommend 3072-bit RSA keys to provide adequate security against modern computational capabilities.

ℹī¸ Configuration Fix

Configuration changes required - see explanation below.

💡 Explanation

ℹī¸ Configuration Fix

Configuration changes required - see explanation below.

💡 Explanation

Why it happens

Code generates weak RSA keys: from Crypto.PublicKey import RSA; key = RSA.generate(1024). 1024-bit RSA factorizable with modern computing. NIST deprecated 1024-bit in 2013. Minimum 2048-bit required. 3072 or 4096-bit for long-term security. Key size directly impacts security.

Root causes

Generating RSA Keys with Less Than 2048 Bits

Code generates weak RSA keys: from Crypto.PublicKey import RSA; key = RSA.generate(1024). 1024-bit RSA factorizable with modern computing. NIST deprecated 1024-bit in 2013. Minimum 2048-bit required. 3072 or 4096-bit for long-term security. Key size directly impacts security.

Legacy SSL/TLS Certificates with 1024-bit RSA Keys

Old certificates using 1024-bit keys. Web servers with legacy RSA certificates. Certificate authorities stopped issuing 1024-bit in 2013. Browsers show warnings or reject weak keys. Inherited infrastructure requiring certificate renewal.

Using 512 or 768-bit RSA Keys

Extremely weak keys in legacy systems. 512-bit RSA broken in 1999. 768-bit factored in 2009. Historical embedded systems. Constrained devices using weak keys. Export-grade cryptography remnants. Any sub-1024-bit RSA completely insecure.

Performance Concerns Leading to Smaller Keys

Choosing 1024-bit for speed. Embedded systems with limited CPU. High-throughput applications. Performance optimization over security. Modern CPUs handle 2048-bit RSA efficiently. Hardware acceleration available. Performance justification rarely valid with current technology.

Not Understanding RSA Key Size Security Implications

Developers unaware of factorization advances. Not following NIST guidelines. Copying old example code. Believing 1024-bit sufficient. Missing understanding of Moore's Law impact on cryptography. Historical key sizes no longer appropriate.

Fixes

1

Generate RSA Keys with Minimum 2048 Bits

Use adequate key size: from Crypto.PublicKey import RSA; key = RSA.generate(2048). Minimum 2048 bits per current standards. 3072 bits for data needing security beyond 2030. 4096 bits for maximum security. Larger keys require more computation but necessary.

2

Use 4096-bit RSA for Long-Term Encryption

Long-term security: key = RSA.generate(4096). For data requiring 20+ year confidentiality. Certificate authorities, root CAs. Archive encryption. Balances security and performance. Modern CPUs handle 4096-bit reasonably. Future-proofs cryptographic systems.

3

Migrate to Elliptic Curve Cryptography for Better Efficiency

Use ECC for efficiency: from Crypto.PublicKey import ECC; key = ECC.generate(curve='P-256'). P-256 provides 128-bit security with 256-bit keys. Smaller keys than RSA with equivalent security. Faster operations. Modern standard for constrained environments.

4

Implement RSA-PSS with SHA-256 for Signatures

Modern RSA signatures: from cryptography.hazmat.primitives.asymmetric import rsa, padding; private_key = rsa.generate_private_key(65537, 2048); signature = private_key.sign(data, padding.PSS()). RSA-PSS more secure than PKCS#1 v1.5. Combined with SHA-256. Modern RSA best practices.

5

Validate Minimum Key Sizes at Key Generation and Usage

Runtime validation: if key.size_in_bits() < 2048: raise ValueError('RSA key too small'). Check during generation and when loading external keys. Reject weak keys from untrusted sources. Configuration validation. Automated security checks preventing weak key usage.

6

Renew All Certificates with 2048-bit or Larger Keys

Certificate renewal program: identify all 1024-bit certificates. Generate new 2048-bit or 4096-bit keys. Re-issue certificates. Update servers and clients. Coordinate deployment. Certificate lifecycle management ensuring minimum key sizes.

Detect This Vulnerability in Your Code

Sourcery automatically identifies information disclosure due to insufficient rsa key size in pycryptodome and many other security issues in your codebase.

Scan Your Code for Free Explore More Vulnerabilities