Use of a Broken or Risky Cryptographic Algorithm
This vulnerability arises when a system uses cryptographic algorithms that are known to be weak, deprecated, or implemented in a risky manner. Examples include the use of outdated algorithms such as MD5, SHA-1, or DES, the use of weak key sizes (e.g., 1024-bit RSA, AES-128 in high-security contexts), or custom “home-rolled” cryptographic constructions. Attackers can exploit these weaknesses to recover plaintext, forge signatures, create hash collisions, or bypass integrity and authenticity guarantees. In blockchain and Web3 systems, this can translate to stolen private keys, forged transactions, or contract takeover.
Remediation
- Replace insecure algorithms with modern, vetted cryptographic primitives:
  - Use SHA-256, SHA-3, or BLAKE2 for hashing.
  - Use AES-256-GCM or ChaCha20-Poly1305 for encryption and authentication.
  - Use at least 2048-bit RSA, or preferably elliptic curve cryptography (e.g., secp256k1, Ed25519).
- Avoid custom or experimental cryptographic constructions. Always rely on established libraries that have undergone peer review and formal analysis.
- Enforce minimum key sizes: 256-bit symmetric keys and ≥2048-bit RSA keys are recommended.
- Apply defence-in-depth: combine crypto with strict access control, key rotation, and robust session handling.
- Monitor industry and NIST deprecation notices; retire algorithms once they are considered unsafe.
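The following Go program is an added illustration of the first and third remediation items above (an authenticated cipher from the recommended list, with the 256-bit symmetric key minimum enforced before any encryption happens); it is not code from this entry or from any project it describes. It uses only the Go standard library, the `NewAEAD`/`Seal`/`Open` names are assumed, and the key in `main` is a constructed demo value.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// NewAEAD rejects keys shorter than 256 bits, then builds AES-256-GCM.
func NewAEAD(key []byte) (cipher.AEAD, error) {
	if len(key) != 32 {
		return nil, errors.New("key must be 256 bits (32 bytes)")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts and authenticates plaintext (aad is authenticated only).
// Output layout: nonce || ciphertext || tag, with a fresh random nonce per message.
func Seal(gcm cipher.AEAD, plaintext, aad []byte) ([]byte, error) {
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// Open verifies the tag before releasing plaintext; any altered byte fails.
func Open(gcm cipher.AEAD, sealed, aad []byte) ([]byte, error) {
	n := gcm.NonceSize()
	if len(sealed) < n {
		return nil, errors.New("sealed data too short")
	}
	return gcm.Open(nil, sealed[:n], sealed[n:], aad)
}

func main() {
	key := make([]byte, 32) // constructed demo key; load from a key store in practice
	io.ReadFull(rand.Reader, key)
	gcm, _ := NewAEAD(key)
	sealed, _ := Seal(gcm, []byte("transfer 10 tokens"), []byte("v1"))
	sealed[len(sealed)-1] ^= 1 // flip one bit in the tag
	_, err := Open(gcm, sealed, []byte("v1"))
	fmt.Println("tampering detected:", err != nil)
}
```

The tag check is what an unauthenticated mode or a bare hash cannot give you: a single flipped bit, a wrong associated-data label, or a truncated message all fail closed instead of yielding a forged plaintext.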
Metadata
- Severity: medium
- Slug: use-of-a-broken-or-risky-cryptographic-algorithm
CWEs
- 327: Use of a Broken or Risky Cryptographic Algorithm
- 328: Use of Weak Hash
- 326: Inadequate Encryption Strength
OWASP
- A02:2021: Cryptographic Failures
- SC09:2025: Insecure Randomness