Incorrect choice of parameters to crypto functions

Cryptographic algorithms are only secure when they’re used with the correct parameters. For example, a secure block cipher like the AES algorithm is only secure when used with a secure mode of operation, and RSA encryption is only secure if the correct padding scheme is specified.

The difficulty is increased by crypto APIs that have hidden default values for unspecified paramaters that may often be insecure.

Inappropriate combinations of crypto operations

A typical problem in cryptography is that two operations A and B may be secure on their own, but when executed one after the other on the same key, they are completely insecure. Examples include certain combinations of encryption and signature modes, as well as domain-specific examples like cryptographic operations on PIN codes in the cash machine network.

Incorrect use of randomness

Many cryptographic operations require random numbers in order to be secure. This is often a course of mistakes, including using weak random numbers based on system clock time, using a counter instead of a random number, accessing the random number generator before the system has accumulated enough entropy or leaving in hard-coded test paramaters.

Weak cryptographic keys

Cryptographic keys need to be generated correctly by a cryptographically strong random number generator. Common errors include leaving hard-coded keys in the code from development or generating a random UUID as a key and using the string directly as the key value.

Weak password-based key derivation

Applications use a lot of password-based cryptography, which requires that keys derived from passwords use a sufficiently strong key derivation function to prevent dictionary attacks.

Weak passwords

Even with strong password-based key derivation, passwords need to be chosen to resist dictionary attack.

Key management vulnerabilities

Often the "Achilles’ Heel" of cryptography, errors in key management are common and include weak or misconfigured keystores as well as problems with Hardware Security Modules.

Inappropriate key-lengths and group parameters

Keys need to be chosen to be long enough to resist brute-fore attack. Diffie-Hellman groups have special requirements on their structure that must be observed to avoid the possibility of attack.

Weak cryptographic algorithms

Over time, with advances in cryptanalysis and computing power, cryptographic algorithms become obsolete. Care must be taken that old libraries or framework components are not still using them.

Implementation vulnerabilities in cryptographic libraries

Cryptography is hard to implement securely and bugs in cryptographic libraries are unfortunately common. However, most issues are caused by misuse of cryptographic libraries by their applications.