DeepSource
Dashboard Resources Pricing Discover Directory Log in

Run your first analysis.

Find thousands of code security and quality issues in your codebase, before they end up in production.

Start now
Swift

Swift

Made by DeepSource
Use Analyzer

Use of an insecure cipher algorithm SW-S1004

Security
Critical
 cwe-327

DES uses a fixed key length of 56 bits, which is considered insufficient to resist modern brute-force attacks. With the computational power available today, a brute-force attack on DES can be executed relatively quickly.

Triple Data Encryption Standard (3DES), also known as TDEA or DESede, is an enhancement of the original Data Encryption Standard (DES) algorithm. It aims to improve the security of DES by applying the algorithm multiple times in succession with different keys. While 3DES is more secure than single DES. But even Triple DES was proven ineffective against brute force attacks (in addition to slowing down the process substantially).

Due to the weaknesses of DES and 3DES, it's recommended to use more secure and modern encryption algorithms like the Advanced Encryption Standard (AES) instead. AES supports key lengths of 128, 192, and 256 bits and is considered secure against a wide range of attacks.

Bad Practice

import CommonCrypto

let algorithm = CCAlgorithm(kCCAlgorithmDES)
// or
let algorithm = CCAlgorithm(kCCAlgorithm3DES)

Recommended

import CommonCrypto

let algorithm = CCAlgorithm(kCCAlgorithmAES)