Avoid weak hash algorithms.
このページは日本語には対応しておりません。随時翻訳に取り組んでいます。
翻訳に関してご質問やご意見ございましたら、
お気軽にご連絡ください。
ID: elixir-security/weak-hash-algorithms
Language: Elixir
Severity: Error
Category: Security
CWE: 328
Description
Avoid unsecured hash algorithms, as they may lead to data leaks. Use safe and proven hash algorithms.
Learn More
Non-Compliant Code Examples
# The hash functions with md5, sha1, ripemd (128-bit), and sha should be highlighted,
# as they are cryptographically weak and can be easily broken.
defmodule InsecureHashExample do
# Insecure hash function using MD5
defp insecure_hash_one(data) do
# check this
:cr.hash(data, :md5) |> Base.encode16(case: :lower)
end
# Insecure hash function using sha1
defp insecure_hash_one(data) do
# validate spacing
:crypto.hash(data, :sha1) |> Base.encode16(case: :lower)
end
# Spacing does not matter
:crypto. hash(:md5, data)
hex = Base.encode16(:crypto. hash(:ripemd160, data))
Compliant Code Examples
# The hash functions other than md5, sha1, ripemd (128-bit), and sha are not highlighted
# as they are cryptographically strong and cannot be broken with standard hardware.
defmodule PasswordCompare do
def option_one(password, md5_hash) do
case :crypto.hash(:sha2, password) == md5_hash do
true -> :entry_granted_op1
false -> :entry_denied_op1
end
end
end
a = :crypto.hash(:sha3, something)
