wolfSSL’s wolfcrypt library includes several cryptographic algorithms that are now considered broken or deprecated. While these algorithms are typically disabled by default, developers should be aware of their security implications. Here is the list of these algorithms along with links to documents explaining why they are no longer considered secure:
- RC4/ARC4: Prohibited for TLS use due to keystream biases and practical attacks
- MD2: Moved to Historic Status due to collision attacks
- MD4: Moved to Historic Status, full collision attacks demonstrated
- MD5: Practical collision attacks, can generate collisions in seconds (See https://github.com/wolfSSL/wolfssl/pull/8895)
- SHA-1: Collision attacks demonstrated, officially retired by NIST in 2022
- DES: 56-bit key easily crackable by brute force attacks with modern hardware
- 3DES/TDEA: Deprecated by NIST, vulnerable to Sweet32 birthday attacks
- DSA: Being phased out by NIST, vulnerable to nonce reuse attacks
- RSA-1024 and weaker: Experiments have already shown keys of this size to be too weak.
Note that these are still in the wolfSSL code base for some specific customer needs:
- Legacy Compatibility: Existing systems and embedded devices require these algorithms for interoperability
- Standards Compliance: Industry standards and regulatory requirements mandate support during transition periods
- Backward Compatibility: Applications migrating from legacy systems need continued support
- Gradual Migration Support: Organizations require time and pathways to transition to secure alternatives
NOTE: These algorithms are disabled by default and require explicit compilation flags (such as WOLFSSL_ALLOW_RC4) to enable them, demonstrating wolfSSL’s commitment to security best practices while maintaining necessary compatibility. There are other ways to enable some of these algorithms that you should be careful about:
- --enable-all will enable all these algorithms
- --enable-all-crypto will enable all these algorithms
- --enable-openssh will enable DSA
- --enable-wpas will enable DSA
- --enable-curl will enable DES3
- --enable-stunnel will enable DES3
- --enable-oldtls will enable MD5 and SHA-1
A great way to check if these algorithms are enabled is to inspect your wolfssl/options.h to see what macros are defined.
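The configure-flag list and the advice to inspect wolfssl/options.h can be turned into a repeatable check. The script below is an added example, not wolfSSL's own tooling. Only WOLFSSL_ALLOW_RC4 is named in this post; the other macro names (WOLFSSL_MD2, NO_MD4, NO_MD5, NO_SHA, NO_DES3, NO_DSA, NO_OLD_TLS) and their positive or negative sense are assumptions that should be confirmed against the settings.h of the wolfSSL version in use before trusting the output. The sample options.h it scans is constructed inline so the script runs offline; pass a real path as the first argument to scan an actual build.

```shell
#!/bin/sh
# Added example, not wolfSSL's own tooling: scan a wolfssl/options.h for the
# compile-time macros that govern the legacy algorithms listed in this post.
# Assumed macro semantics (verify against the settings.h of your wolfSSL version):
#   positive switches, present => enabled : WOLFSSL_ALLOW_RC4 (named in the post), WOLFSSL_MD2
#   negative switches, absent  => enabled : NO_MD4 NO_MD5 NO_SHA NO_DES3 NO_DSA NO_OLD_TLS

# True when FILE ($1) contains a "#define MACRO" line for MACRO ($2),
# with or without a value; "#undef MACRO" lines are ignored.
macro_defined() {
    grep -Eq "^[[:space:]]*#[[:space:]]*define[[:space:]]+$2([[:space:]]|\$)" "$1"
}

# Print one "NAME: enabled (reason)" line per legacy algorithm that FILE leaves enabled.
legacy_findings() {
    file="$1"
    # Positive switches: the algorithm is enabled only if the macro is defined.
    for pair in "RC4 WOLFSSL_ALLOW_RC4" "MD2 WOLFSSL_MD2"; do
        name=${pair%% *}; macro=${pair#* }
        if macro_defined "$file" "$macro"; then
            echo "$name: enabled ($macro defined)"
        fi
    done
    # Negative switches: the algorithm is enabled unless the NO_* macro is defined.
    for pair in "MD4 NO_MD4" "MD5 NO_MD5" "SHA-1 NO_SHA" "3DES NO_DES3" \
                "DSA NO_DSA" "TLS1.0/1.1 NO_OLD_TLS"; do
        name=${pair%% *}; macro=${pair#* }
        if ! macro_defined "$file" "$macro"; then
            echo "$name: enabled ($macro not defined)"
        fi
    done
}

# Number of findings for FILE (0 when no legacy algorithm is enabled).
legacy_count() {
    legacy_findings "$1" | awk 'END { print NR }'
}

# Write a constructed sample options.h (not real wolfSSL output) to FILE ($1):
# RC4 explicitly allowed; MD4, DSA and old TLS disabled; the rest left alone.
write_sample_options_h() {
    cat > "$1" <<'EOF'
/* constructed sample, not generated by wolfSSL's configure */
#undef  WOLFSSL_ALLOW_RC4
#define WOLFSSL_ALLOW_RC4

#undef  NO_MD4
#define NO_MD4

#undef  NO_DSA
#define NO_DSA

#undef  NO_OLD_TLS
#define NO_OLD_TLS
EOF
}

# Demo: scan the constructed sample, then a real options.h if a path was given.
sample=$(mktemp)
write_sample_options_h "$sample"
echo "== constructed sample =="
legacy_findings "$sample"
echo "findings: $(legacy_count "$sample")"
rm -f "$sample"

if [ -n "$1" ] && [ -r "$1" ]; then
    echo "== $1 =="
    legacy_findings "$1"
    echo "findings: $(legacy_count "$1")"
fi
```

On the constructed sample the script reports RC4 (explicitly allowed) plus MD5, SHA-1 and 3DES (no NO_* macro present), and stays silent on MD4, DSA and old TLS. A nonzero finding count is the signal to go back to the configure flags listed above and work out which one pulled the algorithm in.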
All that said, no matter how strong your algorithms are, if you have weak entropy or use weak parameters, your cryptography is eventually destined to fail. Another threat is quantum computers. As the state of the art in quantum computing improves, so does the risk to the algorithms we currently consider secure. If you find these points confusing, please do reach out to us for guidance.
Please think very carefully before enabling any of these algorithms and please do reach out to us if you have any uncertainty with regards to whether you need them.
Here are some other algorithms that are considered broken:
- Dual_EC_DRBG: back-doored
- SIKE (Supersingular Isogeny Key Exchange): broken during NIST PQC competition
- Merkle–Hellman knapsack cryptosystem: broken by Shamir
- Caesar Cipher: vulnerable to brute force attacks and statistical analysis
If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.