Avoid weak hash algorithms.

This product is not supported for your selected Datadog site. ().
이 페이지는 아직 영어로 제공되지 않습니다. 번역 작업 중입니다.
현재 번역 프로젝트에 대한 질문이나 피드백이 있으신 경우 언제든지 연락주시기 바랍니다.

Metadata

ID: elixir-security/weak-hash-algorithms

Language: Elixir

Severity: Error

Category: Security

CWE: 328

Description

Avoid unsecured hash algorithms, as they may lead to data leaks. Use safe and proven hash algorithms.

Learn More

Non-Compliant Code Examples

# The hash functions with md5, sha1, ripemd (128-bit), and sha should be highlighted,
# as they are cryptographically weak and can be easily broken.
defmodule InsecureHashExample do
  # Insecure hash function using MD5
  defp insecure_hash_one(data) do
  # check this
    :cr.hash(data, :md5) |> Base.encode16(case: :lower)
  end
  # Insecure hash function using sha1
  defp insecure_hash_one(data) do
    # validate spacing 
    :crypto.hash(data, :sha1) |> Base.encode16(case: :lower)
  end

# Spacing does not matter
:crypto. hash(:md5, data)

hex = Base.encode16(:crypto. hash(:ripemd160, data))

Compliant Code Examples

# The hash functions other than md5, sha1, ripemd (128-bit), and sha are not highlighted
# as they are cryptographically strong and cannot be broken via standard hardware.
defmodule PasswordCompare do
  def option_one(password, md5_hash) do
    case :crypto.hash(:sha2, password) == md5_hash do
      true -> :entry_granted_op1
      false -> :entry_denied_op1
    end
  end
end
a = :crypto.hash(:sha3, something)
https://static.datadoghq.com/static/images/logos/github_avatar.svg https://static.datadoghq.com/static/images/logos/vscode_avatar.svg jetbrains

원활한 통합. Datadog Code Security를 경험해 보세요

Datadog Code Security