Do not use insecure functions

This page is not yet available in Spanish. We are working on its translation.
If you have any questions or feedback about our current translation project, feel free to reach out to us!

Metadata

ID: python-security/insecure-hash-functions

Language: Python

Severity: Warning

Category: Security

CWE: 327

Description

Do not use a broken or risky cryptographic algorithm. This exposes you to unwanted attacks.

It checks the following modules

Learn More

  • CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
  • CWE-328 - Use of Weak Hash

Non-Compliant Code Examples

from cryptography.hazmat.primitives import hashes
digest = hashes.Hash(hashes.MD5())
from cryptography.hazmat.primitives import hashes
digest = hashes.Hash(hashes.MD5())
import hashlib

hashlib.new('md5')
hashlib.new('md4')


hashlib.md5("bla");
https://static.datadoghq.com/static/images/logos/github_avatar.svg https://static.datadoghq.com/static/images/logos/vscode_avatar.svg jetbrains

Seamless integrations. Try Datadog Code Analysis