Typescript Insecure Rsa 1024
Description
Detects the use of cryptographically weak RSA key pairs, specifically RSA-1024 bit keys. RSA-1024 is considered insecure for protecting sensitive data as it can potentially be broken using modern computing resources, putting encrypted data at risk of compromise.
Detection Strategy
• Identifies code that generates or configures RSA key pairs
• Reports when RSA key size is explicitly set to 1024 bits
• Flags RSA key generation functions with weak default key sizes
• Detects both direct key generation and configurations passed to cryptographic libraries
Vulnerable code example
const crypto = require('crypto');
// Vulnerable: Uses weak 1024-bit key length for RSA
const options = {
modulusLength: 1024, // Security risk: Key length too short for RSA
publicKeyEncoding: { type: 'pkcs1', format: 'pem' },
privateKeyEncoding: { type: 'pkcs1', format: 'pem' }
};...✅ Secure code example
const crypto = require('crypto');
const options = {
modulusLength: 3072, // Secure: Using 3072 bits for adequate security
publicKeyEncoding: {
type: 'spki', // Secure: Using modern SPKI format
format: 'pem'
},...Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.