---
title: Avoid DES
description: Datadog, the leading service for cloud-scale monitoring.
breadcrumbs: >-
  Docs > Datadog Security > Code Security > Static Code Analysis (SAST) > SAST
  Rules > Avoid DES
---

# Avoid DES

{% callout %}
# Important note for users on the following Datadog sites: app.ddog-gov.com

{% alert level="danger" %}
This product is not supported for your selected [Datadog site](https://docs.datadoghq.com/getting_started/site). ().
{% /alert %}

{% /callout %}

## Metadata{% #metadata %}

**ID:** `swift-security/avoid-des`

**Language:** Swift

**Severity:** Info

**Category:** Best Practices

**CWE**: [328](https://cwe.mitre.org/data/definitions/328.html)

**Related CWEs**:

- [916](https://cwe.mitre.org/data/definitions/916.html)

## Description{% #description %}

This rule discourages the use of the DES (Data Encryption Standard) algorithm for cryptographic operations. DES is considered insecure due to its short key length and vulnerability to brute-force attacks, making it unsuitable for protecting sensitive data.

To comply with this rule, developers should avoid specifying "des" as the cryptographic algorithm in their code. Instead, use more secure alternatives such as AES (Advanced Encryption Standard), which provides stronger encryption and is widely supported.

## Non-Compliant Code Examples{% #non-compliant-code-examples %}

```swift
let crypt = CkoCrypt2()
crypt.CryptAlgorithm = "3des"
```

```swift
let crypt = CkoCrypt2()
crypt.CryptAlgorithm = "des"
```

```swift
let cryptor = try Cryptor(operation: .encrypt, algorithm: .des, options: .none, key: key, iv: [])
```

## Compliant Code Examples{% #compliant-code-examples %}

```swift
let cryptor = try Cryptor(operation: .encrypt, algorithm: .aes, options: .none, key: key, iv: [])
```

```swift
let crypt = CkoCrypt2()
crypt.CryptAlgorithm = "aes"
```
  Seamless integrations. Try Datadog Code SecurityDatadog Code Security 
{% icon name="icon-external-link" /%}