Do not use insecure functions

Docs > Code Analysis > Static Analysis Rules > Do not use insecure functions

This page is not yet available in Spanish. We are working on its translation.
If you have any questions or feedback about our current translation project, feel free to reach out to us!

Metadata

ID: python-security/insecure-hash-functions

Language: Python

Severity: Warning

Category: Security

CWE: 327

Description

Do not use a broken or risky cryptographic algorithm. This exposes you to unwanted attacks.

It checks the following modules

hashlib
cryptography

Learn More

CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
CWE-328 - Use of Weak Hash

Non-Compliant Code Examples

from cryptography.hazmat.primitives import hashes
digest = hashes.Hash(hashes.MD5())

from cryptography.hazmat.primitives import hashes
digest = hashes.Hash(hashes.MD5())

import hashlib

hashlib.new('md5')
hashlib.new('md4')


hashlib.md5("bla");