# Usage of weak encryption algorithm on a password (DES) ## Overview * **Rule ID**: `javascript_lang_weak_password_encryption_des` * **Applicable Languages**: Javascript * **Weakness ID**: CWE-326 ## Description The Data Encryption Standard (DES) is known for its weaknesses and should not be used for password security. Since encryption is reversible, it can allow retrieval of the original password, making it unsuitable for password storage. Instead, passwords should be hashed, an irreversible process that converts them into a fixed-size string of characters. ## Remediation Guidelines * **Avoid using DES** or any encryption method for password storage. The reversible nature of encryption creates a security risk by potentially enabling the retrieval of the original password. * **Use a robust hashing algorithm** such as Argon2id for password storage. Hashing is a one-way process, preventing the reversal and retrieval of the original password. ```javascript const argon2 = require("argon2"); const hash = await argon2.hash(req.params.password, { type: argon2.argon2id }) ``` ## References * [**OWASP Password Storage Cheat Sheet**](https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html) * [**CWE-326: Inadequate Encryption Strength**](https://cwe.mitre.org/data/definitions/326.html) * [**OWASP Top 10: A02:2021 - Cryptographic Failures**](https://owasp.org/Top10/A02_2021-Cryptographic_Failures/) ## Configuration To omit this rule during a scan, and to provide you with continuous 24/7 code-level scanning, you can employ our [**SAST TOOL**](https://scopy.sec1.io/login) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.sec1.io/user-docs/4-sast/3-javascript/usage-of-weak-encryption-algorithm-on-a-password-des.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.