DeepSource
Dashboard Resources Pricing Discover Directory Log in

Run your first analysis.

Find thousands of code security and quality issues in your codebase, before they end up in production.

Start now
Rust

Rust

Made by DeepSource
Use Analyzer

Insufficient RSA key size RS-S1005

Security
Major
 a02 cwe-310 owasp top 10

The strength of public-key-based cryptographic algorithm (like RSA) is determined by the time that it takes to derive the private key by using brute-force methods. 1024-bit keys are to be avoided since they are easy to brute-force. However, 2048-bit keys are said to be sufficient until 2030. Preferably use 4096-bit keys.

Consider increasing the key size to atleast 2048 bits.

Bad practice

use rsa::RsaPrivateKey;

let mut rng = rand::thread_rng();
let priv_key = RsaPrivateKey::new(&mut rng, 1024);

Recommended

use rsa::RsaPrivateKey;

let mut rng = rand::thread_rng();
let priv_key = RsaPrivateKey::new(&mut rng, 4096);

References