Rule ID: CA5385
Category: Security
Enabled by default: No

Use Rivest–Shamir–Adleman (RSA) algorithm with sufficient key size

Microsoft docs

Description

An RSA key shorter than 2048 bits is within reach of modern factoring attacks on the modulus. 1024-bit keys are no longer considered adequate against a well-resourced attacker, so any key below 2048 bits should be treated as weak.

Cause

Using the RSA asymmetric algorithm with a key size smaller than 2048 bits in any of the following ways:

  • Instantiating any class derived from System.Security.Cryptography.RSA and passing a KeySize smaller than 2048.
  • Returning any object whose type derives from System.Security.Cryptography.RSA.
  • Calling System.Security.Cryptography.AsymmetricAlgorithm.Create without parameters, which creates an RSA object with the default key size of 1024 bits.
  • Calling System.Security.Cryptography.AsymmetricAlgorithm.Create with the algName parameter set to RSA, which uses the default key size of 1024 bits.
  • Calling System.Security.Cryptography.CryptoConfig.CreateFromName with the name parameter set to RSA, which uses the default key size of 1024 bits.
  • Calling System.Security.Cryptography.CryptoConfig.CreateFromName with the name parameter set to RSA and explicitly passing a key size smaller than 2048 through args.

How to fix violations

Switch to RSA with a key size of at least 2048 bits, or use the ECDH or ECDsa algorithm instead.

Example

Violation:

using System.Security.Cryptography;

class ExampleClass
{
    public void ExampleMethod()
    {
        // 1024-bit key: below the 2048-bit floor, flagged by CA5385.
        RSACng rsaCng = new RSACng(1024);
    }
}

Solution:

using System.Security.Cryptography;

class ExampleClass
{
    public void ExampleMethod()
    {
        // Explicit 2048-bit key satisfies the rule.
        RSACng rsaCng = new RSACng(2048);
    }
}
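The analyzer can only see key sizes that appear as literals or known defaults in source, as enumerated under Cause above. Keys that arrive at runtime (imported from a key store, a PEM file, or a certificate) are outside its view, so a runtime check on RSA.KeySize is the natural complement to the fix described above. The following is an added example, not code from the CA5385 documentation or from the .NET analyzers. The names RsaGuard, MinimumKeySizeBits, EnsureStrongKey and CreateStrongRsa are hypothetical, chosen for this example, and RSA.Create(int) assumes .NET Core 2.0 or later (or .NET 5+); the sample message is constructed.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example (not from the CA5385 docs): a runtime guard that rejects any RSA
// instance whose key is shorter than 2048 bits before it is used for signing or
// verification. The type and member names are hypothetical.
static class RsaGuard
{
    // 2048 bits is the floor CA5385 enforces.
    public const int MinimumKeySizeBits = 2048;

    // Returns the same instance if its key is strong enough, otherwise throws.
    public static RSA EnsureStrongKey(RSA rsa)
    {
        if (rsa == null) throw new ArgumentNullException(nameof(rsa));
        if (rsa.KeySize < MinimumKeySizeBits)
        {
            throw new CryptographicException(
                $"RSA key size {rsa.KeySize} is below the required {MinimumKeySizeBits} bits.");
        }
        return rsa;
    }

    // Compliant factory: the key size is explicit, never a platform default.
    public static RSA CreateStrongRsa() => EnsureStrongKey(RSA.Create(MinimumKeySizeBits));

    // Sign with RSA-PSS over SHA-256, refusing weak keys on the way in.
    public static byte[] Sign(RSA rsa, byte[] data) =>
        EnsureStrongKey(rsa).SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pss);

    public static bool Verify(RSA rsa, byte[] data, byte[] signature) =>
        EnsureStrongKey(rsa).VerifyData(data, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pss);
}

class Program
{
    static void Main()
    {
        // Constructed sample input.
        byte[] message = Encoding.UTF8.GetBytes("constructed sample message");

        // Violation path: the parameterless RSACryptoServiceProvider constructor
        // defaults to a 1024-bit key, the case CA5385 warns about. The guard
        // catches it at runtime even when the analyzer is disabled.
        using (RSA legacy = new RSACryptoServiceProvider())
        {
            try
            {
                RsaGuard.Sign(legacy, message);
                Console.WriteLine("unexpected: weak key accepted");
            }
            catch (CryptographicException ex)
            {
                Console.WriteLine($"rejected: {ex.Message}");
            }
        }

        // Compliant path: explicit 2048-bit key, full sign/verify round-trip.
        using (RSA strong = RsaGuard.CreateStrongRsa())
        {
            byte[] signature = RsaGuard.Sign(strong, message);
            bool valid = RsaGuard.Verify(strong, message, signature);
            Console.WriteLine($"key size {strong.KeySize}, signature valid: {valid}");
        }
    }
}
```

Routing every RSA instance through EnsureStrongKey at the point of use means a key loaded from configuration or a certificate store is checked exactly like one constructed in code, which is the gap the static rule cannot close on its own.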

When to suppress

Suppressing this rule is not recommended, except where compatibility with legacy applications and data requires it.
