Go Deprecated Dsa Functions Use
Description
This detector identifies usage of deprecated DSA (Digital Signature Algorithm) cryptographic functions from Go's crypto/dsa package. DSA has known security weaknesses including vulnerability to timing attacks and inadequate randomness, making it unsuitable for modern cryptographic applications compared to more secure alternatives like ECDSA or Ed25519.
Detection Strategy
• Go source code imports the 'crypto/dsa' package (directly or with an alias)
• Code calls any of the deprecated DSA functions: GenerateKey, GenerateParameters, Sign, or Verify
• Function calls use the correct package alias or direct 'dsa.' prefix when referencing these methods
Vulnerable code example
package main
import (
"crypto/dsa"
"crypto/rand"
)
func main() {...✅ Secure code example
package main
import (
"crypto/ed25519"
"crypto/rand"
)
func main() {...Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.