Avoid sha1

This product is not supported for your selected Datadog site. ().
Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel, n'hésitez pas à nous contacter.

Metadata

ID: swift-security/avoid-sha1

Language: Unknown

Severity: Warning

Category: Security

Description

This rule flags the usage of the SHA-1 hashing algorithm in Swift code. SHA-1 is considered cryptographically weak and vulnerable to collision attacks, which can compromise data integrity and security. Using SHA-1 can expose applications to potential exploits, especially in security-sensitive contexts like password hashing, digital signatures, or data verification.

To ensure stronger security, developers should avoid calling .sha1() and instead use more secure hashing algorithms such as SHA-256. For example, replacing message.sha1() with message.sha256() significantly improves resistance against cryptographic attacks. Adopting modern and robust algorithms helps maintain the confidentiality and integrity of data.

Non-Compliant Code Examples

let digest = message.sha1();

Compliant Code Examples

let digest = message.sha256();
https://static.datadoghq.com/static/images/logos/github_avatar.svg https://static.datadoghq.com/static/images/logos/vscode_avatar.svg jetbrains