weak-cryptographic-key (S505)
Derived from the flake8-bandit linter.
What it does
Checks for uses of cryptographic keys with vulnerable key sizes.
Why is this bad?
Small keys are easily breakable. For DSA and RSA, keys should be at least 2048 bits long. For EC, keys should be at least 224 bits long.
Example
from cryptography.hazmat.primitives.asymmetric import dsa, ec
dsa.generate_private_key(key_size=512)
ec.generate_private_key(curve=ec.SECT163K1())
Use instead:
from cryptography.hazmat.primitives.asymmetric import dsa, ec
dsa.generate_private_key(key_size=4096)
ec.generate_private_key(curve=ec.SECP384R1())