C Sharp Insecure Ec Key
Description
Detects the use of cryptographically weak elliptic curve key sizes in C# applications. An insufficient key length for elliptic curve cryptography weakens the cryptographic protection and can allow attackers to break it.
Weakness:
421 - Insecure encryption algorithm - Insecure Elliptic Curve
Category: Information Collection
Detection Strategy
• Identifies usage of elliptic curve cryptography in C# code
• Examines key size parameters in EC cryptographic operations
• Reports a vulnerability when key sizes are below recommended secure minimums
• Specifically looks for key size parameters in ECDsa and ECDiffieHellman class instantiations
• Flags cases where explicit key sizes are set to insecure values
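The strategy above, sketched as a small source scanner. This is an added example, not Fluid Attacks' implementation. The 224-bit floor (the 112-bit strength level in NIST SP 800-57), the regex approach, and the names `find_weak_ec_keys` and `SAMPLE` are assumptions; the page does not state the rule's threshold.

```python
import re

# Assumption: 224 bits is the minimum (112-bit strength in NIST SP 800-57);
# the page does not give the rule's real threshold.
MIN_EC_KEY_BITS = 224

COMMENT = re.compile(r"//[^\n]*|/\*.*?\*/", re.DOTALL)
INT_DECL = re.compile(r"\b(?:const\s+)?int\s+(\w+)\s*=\s*(\d+)\s*;")
# Concrete ECDsa / ECDiffieHellman classes whose constructor takes a key size.
EC_CTOR = re.compile(
    r"\bnew\s+(?:[\w.]+\.)?((?:ECDsa|ECDiffieHellman)(?:Cng|OpenSsl))"
    r"\s*\(\s*(\w+)\s*\)")

def strip_comments(src):
    # Blank out comments but keep newlines so line numbers stay correct.
    return COMMENT.sub(lambda m: re.sub(r"[^\n]", " ", m.group()), src)

def find_weak_ec_keys(source, min_bits=MIN_EC_KEY_BITS):
    """Return (line, class_name, bits) for each explicit EC key size below min_bits."""
    code = strip_comments(source)
    # Simplification: resolve only integer declarations with a literal value.
    ints = {name: int(val) for name, val in INT_DECL.findall(code)}
    findings = []
    for m in EC_CTOR.finditer(code):
        arg = m.group(2)
        bits = int(arg) if arg.isdigit() else ints.get(arg)
        if bits is not None and bits < min_bits:
            line = code.count("\n", 0, m.start()) + 1
            findings.append((line, m.group(1), bits))
    return findings

# Constructed sample input, not taken from a real code base.
SAMPLE = """using System.Security.Cryptography;
class Demo
{
    const int LegacyBits = 160;
    void Run()
    {
        var a = new ECDiffieHellmanCng(128);
        var b = new ECDsaCng(LegacyBits);
        var c = new ECDsaCng(384);
        // var d = new ECDsaCng(112);
        var e = ECDiffieHellman.Create(ECCurve.NamedCurves.nistP384);
    }
}
"""

if __name__ == "__main__":
    for line, cls, bits in find_weak_ec_keys(SAMPLE):
        print(f"line {line}: {cls} created with {bits}-bit key (< {MIN_EC_KEY_BITS})")
```

Keys created from a named curve, as in line 11 of the sample, carry no explicit size and are not reported by this sketch.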
Vulnerable code example
    using System.Security.Cryptography;

    public class InsecureECDH
    {
        public static void Main()
        {
            // Vulnerable: Using insufficient key size (128 bits) for EC Diffie-Hellman
            ECDiffieHellmanCng ecd = new ECDiffieHellmanCng(128);
            // ...
        }
    }
Secure code example
    using System.Security.Cryptography;

    public class SecureECDH
    {
        public static void Main()
        {
            // Secure: Using NIST P-384 curve with 384-bit key length for strong security
            ECDiffieHellman ecd = ECDiffieHellman.Create(ECCurve.NamedCurves.nistP384);
            // ...
        }
    }