Do not use custom digest


ID: java-security/message-digest-custom

Language: Java

Severity: Notice

Category: Security


Avoid implementing a custom message digest. Datadog recommends using existing digests that are proven to be secure. NIST recommends the use of SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, or SHA-512/256.

Non-Compliant Code Examples

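import java.security.MessageDigest;

class MyProprietaryMessageDigest extends MessageDigest {

    // constructor and the remaining engine* methods are omitted from this snippet
    protected byte[] engineDigest() {
        // Do not use your own digest
        return null;
    }
}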

Compliant Code Examples

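import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

class UseExistingDigest {

    protected void usingDigest() throws NoSuchAlgorithmException {
        // instead of defining your own digest, use existing ones
        // "SHA-256" is the standard JCA algorithm name
        MessageDigest sha256Digest = MessageDigest.getInstance("SHA-256");
    }
}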
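
The following is an added example, not part of the rule's own documentation: it hashes a stream with provider-supplied digests restricted to the NIST-recommended list above. The class name `StandardDigestExample`, its helper methods, and the sample input are hypothetical; it assumes Java 9 or later (for `List.of` and the `SHA-512/224` and `SHA-512/256` algorithm names).

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.List;

public class StandardDigestExample {

    // JCA standard names for the NIST-recommended digests listed in this rule.
    static final List<String> APPROVED = List.of(
            "SHA-224", "SHA-256", "SHA-384", "SHA-512", "SHA-512/224", "SHA-512/256");

    // Hash a stream in chunks with a provider-supplied digest.
    // Algorithm names outside the allowlist are rejected before any provider lookup.
    static byte[] digest(String algorithm, InputStream in)
            throws NoSuchAlgorithmException, IOException {
        if (!APPROVED.contains(algorithm)) {
            throw new NoSuchAlgorithmException("Digest not on allowlist: " + algorithm);
        }
        MessageDigest md = MessageDigest.getInstance(algorithm);
        byte[] buf = new byte[8192];
        int n;
        while ((n = in.read(buf)) != -1) {
            md.update(buf, 0, n);
        }
        return md.digest();
    }

    // Lowercase hex encoding of a digest value.
    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        byte[] sample = "abc".getBytes(StandardCharsets.UTF_8); // constructed sample input
        for (String alg : APPROVED) {
            System.out.println(alg + " " + hex(digest(alg, new ByteArrayInputStream(sample))));
        }
        // Compare digest values with MessageDigest.isEqual rather than a hand-written loop.
        byte[] first = digest("SHA-256", new ByteArrayInputStream(sample));
        byte[] second = digest("SHA-256", new ByteArrayInputStream(sample));
        System.out.println("match: " + MessageDigest.isEqual(first, second));
    }
}
```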

