Avoid weak hash algorithms

Docs > Code Analysis > Static Analysis Rules > Avoid weak hash algorithms

This page is not yet available in Spanish. We are working on its translation.
If you have any questions or feedback about our current translation project, feel free to reach out to us!

Metadata

ID: csharp-security/weak-hash-algorithms

Language: C#

Severity: Warning

Category: Security

CWE: 328

Description

Avoid unsecured hash algorithms, as they may lead to data leaks. Use safe and proven hash algorithms.

Learn More

Non-Compliant Code Examples

using System.IO;
using System.Security.Cryptography;

class MyClass {
    public void myMethod()
    {
        var hashAlgorithm = HashAlgorithm.Create("SHA1");
    }
}

using System.IO;
using System.Security.Cryptography;

class MyClass {
    public void myMethod()
    {
        var hashAlgorithm = new SHA1Managed();
    }
}

using System.IO;
using System.Security.Cryptography;

class MyClass {
    public void myMethod()
    {
        var hashAlgorithm = (HashAlgorithm)CryptoConfig.CreateFromName("MD5");
    }
}

using System.IO;
using System.Security.Cryptography;

class MyClass {
    public void myMethod()
    {
        var hashAlgorithm = new MD5CryptoServiceProvider();
    }
}

Compliant Code Examples

using System.IO;
using System.Security.Cryptography;

class MyClass {
    public void myMethod()
    {
        var hashAlgorithm1 = new SHA512Managed();
        var hashAlgorithm2 = (HashAlgorithm)CryptoConfig.CreateFromName("SHA512");
        var hashAlgorithm3 = HashAlgorithm.Create("SHA512");
    }
}