diff --git a/java/ql/lib/semmle/code/java/security/InsufficientKeySizeQuery.qll b/java/ql/lib/semmle/code/java/security/InsufficientKeySizeQuery.qll
index 9aef9b44c6b..720ed112981 100644
--- a/java/ql/lib/semmle/code/java/security/InsufficientKeySizeQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/InsufficientKeySizeQuery.qll
@@ -155,8 +155,11 @@ private predicate hasShortAESKey(MethodAccess ma, string msg) {
 bindingset[type]
 private predicate hasShortAsymmetricKeyPair(MethodAccess ma, string msg, string type) {
   ma.getMethod() instanceof KeyPairGeneratorInitMethod and
-  ma.getQualifier() instanceof JavaSecurityKeyPairGenerator and
-  ma.getQualifier().getBasicBlock() instanceof JavaSecurityKeyPairGenerator and
+  //ma.getQualifier() instanceof JavaSecurityKeyPairGenerator and
+  //ma.getQualifier().getBasicBlock() instanceof JavaSecurityKeyPairGenerator and
+  // * USE BELOW
+  ma.getQualifier().getBasicBlock().getAPredecessor() instanceof JavaSecurityKeyPairGenerator and
+  // * USE ABOVE
   //ma.getQualifier().getBasicBlock().getNode(2) instanceof JavaSecurityKeyPairGenerator and
   // ma.getQualifier()
   //     .getBasicBlock()
@@ -167,6 +170,7 @@ private predicate hasShortAsymmetricKeyPair(MethodAccess ma, string msg, string
   //     .getValue()
   //     .toUpperCase() = type and
   //ma.getQualifier().getBasicBlock().getAPredecessor() instanceof JavaSecurityKeyPairGenerator and
+  // * USE BELOW
   ma.getQualifier()
       .getBasicBlock()
       .getAPredecessor()
@@ -175,17 +179,20 @@ private predicate hasShortAsymmetricKeyPair(MethodAccess ma, string msg, string
       .(StringLiteral)
       .getValue()
       .toUpperCase() = type and
+  // * USE ABOVE
   // flow needed to correctly determine algorithm type and
   // not match to ANY asymmetric algorithm
-  exists(
-    JavaSecurityKeyPairGenerator jpg, KeyPairGeneratorInitConfiguration kc,
-    DataFlow::PathNode source, DataFlow::PathNode dest
-  |
-    jpg.getAlgoSpec().(StringLiteral).getValue().toUpperCase() = type and
-    source.getNode().asExpr() = jpg and
-    dest.getNode().asExpr() = ma.getQualifier() and
-    kc.hasFlowPath(source, dest)
-  ) and
+  // * REMOVE BELOW
+  // exists(
+  //   JavaSecurityKeyPairGenerator jpg, KeyPairGeneratorInitConfiguration kc,
+  //   DataFlow::PathNode source, DataFlow::PathNode dest
+  // |
+  //   jpg.getAlgoSpec().(StringLiteral).getValue().toUpperCase() = type and
+  //   source.getNode().asExpr() = jpg and
+  //   dest.getNode().asExpr() = ma.getQualifier() and
+  //   kc.hasFlowPath(source, dest)
+  // ) and
+  // * REMOVE ABOVE
   // VarAccess case needed to handle FN of key-size stored in a variable
   // Note: cannot use CompileTimeConstantExpr since will miss cases when variable is not a compile-time constant
   // (e.g. not declared `final` in Java)
@@ -197,12 +204,12 @@ private predicate hasShortAsymmetricKeyPair(MethodAccess ma, string msg, string
     )
     or
     ma.getArgument(0).(IntegerLiteral).getIntValue() < 2048
-    or
-    exists(
-      AsymmetricKeyTrackingConfiguration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
-    |
-      cfg.hasFlowPath(source, sink)
-    )
+    // or
+    // exists(
+    //   AsymmetricKeyTrackingConfiguration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
+    // |
+    //   cfg.hasFlowPath(source, sink)
+    // )
   ) and
   msg = "Key size should be at least 2048 bits for " + type + " encryption."
 }
diff --git a/java/ql/test/query-tests/security/CWE-326/InsufficientKeySizeTest.java b/java/ql/test/query-tests/security/CWE-326/InsufficientKeySizeTest.java
index c5f151128fa..9d9f5688520 100644
--- a/java/ql/test/query-tests/security/CWE-326/InsufficientKeySizeTest.java
+++ b/java/ql/test/query-tests/security/CWE-326/InsufficientKeySizeTest.java
@@ -103,12 +103,15 @@ public class InsufficientKeySizeTest {
         keyPairGen18.initialize(size2); // $ hasInsufficientKeySize
 
         int keysize = 1024;
-        test(keysize);
+        KeyPairGenerator keyPairGen20 = KeyPairGenerator.getInstance("DSA");
+        test(keysize, keyPairGen20);
     }
 
-    public static void test(int keySize) throws java.security.NoSuchAlgorithmException, java.security.InvalidAlgorithmParameterException {
+    public static void test(int keySize, KeyPairGenerator kpg) throws java.security.NoSuchAlgorithmException, java.security.InvalidAlgorithmParameterException {
         KeyPairGenerator keyPairGen19 = KeyPairGenerator.getInstance("RSA");
         // BAD: Key size is less than 128
         keyPairGen19.initialize(keySize); // $ hasInsufficientKeySize
+
+        kpg.initialize(1024); // $ hasInsufficientKeySize
     }
 }