Avoid weak hash algorithms

Metadata

ID: csharp-security/weak-hash-algorithms

Language: C#

Severity: Warning

Category: Security

Description

Avoid unsecured hash algorithms, as they may lead to data leaks. Use safe and proven hash algorithms.

Learn More

Non-Compliant Code Examples

using System.IO;
using System.Security.Cryptography;

class MyClass {
    public void myMethod()
    {
        var hashAlgorithm = HashAlgorithm.Create("SHA1");
    }
}
using System.IO;
using System.Security.Cryptography;

class MyClass {
    public void myMethod()
    {
        var hashAlgorithm = new SHA1Managed();
    }
}
using System.IO;
using System.Security.Cryptography;

class MyClass {
    public void myMethod()
    {
        var hashAlgorithm = (HashAlgorithm)CryptoConfig.CreateFromName("MD5");
    }
}
using System.IO;
using System.Security.Cryptography;

class MyClass {
    public void myMethod()
    {
        var hashAlgorithm = new MD5CryptoServiceProvider();
    }
}

Compliant Code Examples

using System.IO;
using System.Security.Cryptography;

class MyClass {
    public void myMethod()
    {
        var hashAlgorithm1 = new SHA512Managed();
        var hashAlgorithm2 = (HashAlgorithm)CryptoConfig.CreateFromName("SHA512");
        var hashAlgorithm3 = HashAlgorithm.Create("SHA512");
    }
}