Hi, we are a research group to help developers build secure applications. We designed a cryptographic misuse detector (i.e., CryptoGo) on Go language. We found your great public repository from Github, and several security issues detected by CryptoGo are shown in the following.
Note that the cryptographic algorithms are categorized with two aspects: security strength and security vulnerability based on NIST Special Publication 800-57 and other public publications. Moreover, CryptoGo defined certain rules derived from the APIs of Go cryptographic library and other popular cryptographic misuse detectors. The specific security issues we found are as follows:
(1) Location: main_httpserver.go:203
Broken rule: MD5 is an insecure algorithm;
(2) Location: main_httpserver.go:518
Broken rule: MD5 is an insecure algorithm;
(3) Location: main_httpserver.go:776
Broken rule: MD5 is an insecure algorithm;
(4) Location: main_httpserver.go:884
Broken rule: MD5 is an insecure algorithm;
(5) Location: main_super.go:312
Broken rule: MD5 is an insecure algorithm;
(6) Location: main_super.go:425
Broken rule: MD5 is an insecure algorithm;
(7) Location: device/noise-helpers.go:100
Broken rule: The ScalarMult method of Package curve25519 is deprecated;
We wish the above security issues could truly help you to build a secure application. If you have any concern or suggestion, please feel free to contact us, we are looking forward to your reply. Thanks.
Hi, we are a research group to help developers build secure applications. We designed a cryptographic misuse detector (i.e., CryptoGo) on Go language. We found your great public repository from Github, and several security issues detected by CryptoGo are shown in the following. Note that the cryptographic algorithms are categorized with two aspects: security strength and security vulnerability based on NIST Special Publication 800-57 and other public publications. Moreover, CryptoGo defined certain rules derived from the APIs of Go cryptographic library and other popular cryptographic misuse detectors. The specific security issues we found are as follows: (1) Location: main_httpserver.go:203 Broken rule: MD5 is an insecure algorithm; (2) Location: main_httpserver.go:518 Broken rule: MD5 is an insecure algorithm; (3) Location: main_httpserver.go:776 Broken rule: MD5 is an insecure algorithm; (4) Location: main_httpserver.go:884 Broken rule: MD5 is an insecure algorithm; (5) Location: main_super.go:312 Broken rule: MD5 is an insecure algorithm; (6) Location: main_super.go:425 Broken rule: MD5 is an insecure algorithm; (7) Location: device/noise-helpers.go:100 Broken rule: The ScalarMult method of Package curve25519 is deprecated; We wish the above security issues could truly help you to build a secure application. If you have any concern or suggestion, please feel free to contact us, we are looking forward to your reply. Thanks.