# python.cryptography.security.insecure-cipher-algorithms.insecure-cipher-algorithm-idea

Verified by r2c

Community Favorite

Author: returntocorp

Download count: 99,223

Detected IDEA cipher algorithm which is considered insecure. The algorithm is considered weak and has been deprecated. Use AES instead.

## Definition

```
rules:
- id: insecure-cipher-algorithm-idea
  pattern: cryptography.hazmat.primitives.ciphers.algorithms.IDEA(...)
  message: Detected IDEA cipher algorithm which is considered insecure. The
    algorithm is considered weak and has been deprecated. Use AES instead.
  metadata:
    source-rule-url: https://github.com/PyCQA/bandit/blob/d5f8fa0d89d7b11442fc6ec80ca42953974354c8/bandit/blacklists/calls.py#L98
    cwe:
    - "CWE-327: Use of a Broken or Risky Cryptographic Algorithm"
    owasp:
    - A03:2017 - Sensitive Data Exposure
    - A02:2021 - Cryptographic Failures
    bandit-code: B304
    references:
    - https://tools.ietf.org/html/rfc5469
    category: security
    technology:
    - cryptography
    subcategory:
    - vuln
    likelihood: MEDIUM
    impact: MEDIUM
    confidence: MEDIUM
    license: Commons Clause License Condition v1.0[LGPL-2.1-only]
  severity: WARNING
  languages:
  - python
```

### Examples

#### insecure-cipher-algorithms.py

```
# cf. https://github.com/PyCQA/bandit/blob/b78c938c0bd03d201932570f5e054261e10c5750/examples/ciphers.py
from cryptography.hazmat.primitives.ciphers import Cipher
from cryptography.hazmat.primitives.ciphers import algorithms
from cryptography.hazmat.primitives.ciphers import modes
from cryptography.hazmat.backends import default_backend
from struct import pack
# ruleid:insecure-cipher-algorithm-idea
cipher = Cipher(algorithms.IDEA(key), mode=None, backend=default_backend())
encryptor = cipher.encryptor()
ct = encryptor.update(b"a secret message")
# ok:insecure-cipher-algorithm-idea
cipher = Cipher(algorithms.AES(key), modes.CBC(iv), backend=default_backend())
encryptor = cipher.encryptor()
ct = encryptor.update(b"a secret message") + encryptor.finalize()
```
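The rule's pattern names `IDEA` by its fully qualified path, so a check of this kind has to follow import aliases rather than search for the text `IDEA(`. The following is an added example, not part of the rule or of Semgrep's implementation: a standard-library approximation that resolves module-level imports and reports calls to that path. The function name `find_idea_calls` and the sample source are constructed for illustration, and the sketch ignores scoping and reassignment.

```python
import ast

# Fully qualified name taken from the rule's `pattern:` line.
TARGET = "cryptography.hazmat.primitives.ciphers.algorithms.IDEA"

def find_idea_calls(source: str) -> list[int]:
    """Return sorted line numbers of calls that resolve to TARGET."""
    tree = ast.parse(source)
    aliases = {}  # local name -> fully qualified name it was imported as
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for a in node.names:
                # "import a.b.c" binds only "a"; "import a.b.c as x" binds x.
                top = a.name.split(".")[0]
                aliases[a.asname or top] = a.name if a.asname else top
        elif isinstance(node, ast.ImportFrom) and node.module and node.level == 0:
            for a in node.names:
                aliases[a.asname or a.name] = f"{node.module}.{a.name}"

    def qualified(expr):
        # Unwind x.y.z attribute chains down to the base name.
        parts = []
        while isinstance(expr, ast.Attribute):
            parts.append(expr.attr)
            expr = expr.value
        if not isinstance(expr, ast.Name):
            return None
        return ".".join([aliases.get(expr.id, expr.id)] + parts[::-1])

    return sorted(n.lineno for n in ast.walk(tree)
                  if isinstance(n, ast.Call) and qualified(n.func) == TARGET)

# Constructed sample input; it is parsed, never executed.
SAMPLE = '''\
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.primitives.ciphers.algorithms import IDEA as Legacy
import cryptography.hazmat.primitives.ciphers.algorithms as alg

c1 = Cipher(algorithms.IDEA(key), mode=None)     # line 5: direct use
c2 = Cipher(Legacy(key), modes.CBC(iv))          # line 6: aliased class
c3 = Cipher(alg.IDEA(key), modes.CBC(iv))        # line 7: aliased module
c4 = Cipher(algorithms.AES(key), modes.CBC(iv))  # line 8: AES, not reported
name = "algorithms.IDEA(key)"                    # line 9: string, not a call
'''

if __name__ == "__main__":
    print(find_idea_calls(SAMPLE))
```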

Short Link: https://sg.run/3xyK