Do not use custom digest

Metadata

ID: java-security/message-digest-custom

Language: Java

Severity: Notice

Category: Security

Description

Avoid implementing your own message digest by extending `MessageDigest`. Datadog recommends using existing digests that are proven to be secure. NIST recommends the use of SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, or SHA-512/256.

Non-Compliant Code Examples

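import java.security.MessageDigest;

// Flagged: a class that extends MessageDigest to supply its own digest
class MyProprietaryMessageDigest extends MessageDigest {

    @Override
    protected byte[] engineDigest() {
        // Do not use your own digest
        return null;
    }
}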

Compliant Code Examples

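import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

class UseExistingDigest {

    protected void usingDigest(String password) throws NoSuchAlgorithmException {
        // instead of defining your own digest, use existing ones
        // "SHA-256" is the standard JCA algorithm name
        MessageDigest sha256Digest = MessageDigest.getInstance("SHA-256");
        sha256Digest.update(password.getBytes(StandardCharsets.UTF_8));
    }
}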
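
One way to enforce the recommendation in the Description across a code base is to hand out digests only through an allow-list of the NIST-recommended algorithms. This is an added example, not part of the rule's own documentation: the `ApprovedDigests` class and its method names are hypothetical, and it assumes Java 17 or later for `HexFormat`.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HexFormat;
import java.util.Set;

// Added example; ApprovedDigests and its method names are hypothetical.
public final class ApprovedDigests {

    // JCA standard names for the digests listed in the Description.
    private static final Set<String> APPROVED = Set.of(
            "SHA-224", "SHA-256", "SHA-384", "SHA-512", "SHA-512/224", "SHA-512/256");

    private ApprovedDigests() { }

    // Hands out a provider-backed digest and refuses names outside the allow-list.
    public static MessageDigest get(String algorithm) throws NoSuchAlgorithmException {
        if (!APPROVED.contains(algorithm)) {
            throw new NoSuchAlgorithmException("not an approved digest: " + algorithm);
        }
        return MessageDigest.getInstance(algorithm);
    }

    public static byte[] hash(String algorithm, byte[] data) throws NoSuchAlgorithmException {
        return get(algorithm).digest(data);
    }

    // MessageDigest.isEqual compares the two digests in a time-constant way.
    public static boolean matches(String algorithm, byte[] data, byte[] expected)
            throws NoSuchAlgorithmException {
        return MessageDigest.isEqual(hash(algorithm, data), expected);
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        byte[] data = "constructed sample input".getBytes(StandardCharsets.UTF_8);
        byte[] digest = hash("SHA-256", data);
        System.out.println("SHA-256: " + HexFormat.of().formatHex(digest));
        System.out.println("matches: " + matches("SHA-256", data, digest));
        try {
            get("MD5"); // available in the JDK, but not on the allow-list
        } catch (NoSuchAlgorithmException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```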