Avoid sha1

This product is not supported for your selected Datadog site. ().
このページは日本語には対応しておりません。随時翻訳に取り組んでいます。
翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください

Metadata

ID: swift-security/avoid-sha1

Language: Unknown

Severity: Warning

Category: Security

Description

This rule flags the usage of the SHA-1 hashing algorithm in Swift code. SHA-1 is considered cryptographically weak and vulnerable to collision attacks, which can compromise data integrity and security. Using SHA-1 can expose applications to potential exploits, especially in security-sensitive contexts like password hashing, digital signatures, or data verification.

To ensure stronger security, developers should avoid calling .sha1() and instead use more secure hashing algorithms such as SHA-256. For example, replacing message.sha1() with message.sha256() significantly improves resistance against cryptographic attacks. Adopting modern and robust algorithms helps maintain the confidentiality and integrity of data.

Non-Compliant Code Examples

let digest = message.sha1();

Compliant Code Examples

let digest = message.sha256();
https://static.datadoghq.com/static/images/logos/github_avatar.svg https://static.datadoghq.com/static/images/logos/vscode_avatar.svg jetbrains

シームレスな統合。 Datadog Code Security をお試しください

Datadog Code Security