Avoid MD5 to generate hashes

이 제품은 선택한 Datadog 사이트에서 지원되지 않습니다. ().
이 페이지는 아직 한국어로 제공되지 않습니다. 번역 작업 중입니다.
현재 번역 프로젝트에 대한 질문이나 피드백이 있으신 경우 언제든지 연락주시기 바랍니다.

Metadata

ID: ruby-security/no-md5-digest

Language: Ruby

Severity: Warning

Category: Security

CWE: 328

Related CWEs:

Description

The rule “Avoid MD5 to generate hashes” is important because MD5 (Message Digest Algorithm 5) is a widely used cryptographic hash function that produces a 128-bit (16-byte) hash value. However, it is considered to be a weak algorithm for generating hashes due to its vulnerabilities to collision attacks. A collision occurs when two different inputs produce the same hash output, which can lead to security risks such as data integrity issues or unauthorized access.

The significance of this rule is that it promotes the use of more secure hash functions. In cryptography, the strength of a hash function is determined by its resistance to collision attacks. More modern algorithms such as SHA-256 and SHA-3 are recommended as they provide better security than MD5.

To adhere to this rule, replace any use of MD5 in your code with a more secure hash function. For example, instead of Digest::MD5.hexdigest 'foo', you should use Digest::SHA256.hexdigest 'foo'. Similarly, replace instances of OpenSSL::Digest::MD5.new with OpenSSL::Digest::SHA256.new. By doing so, you can ensure the integrity and security of your data.

Non-Compliant Code Examples

require 'digest'
class Bad_md5
    def bad_md5_code()
        md5 = Digest::MD5.hexdigest 'foo'
        md5 = Digest::MD5.new
        md5 = Digest::MD5.base64digest 'foo'
        md5 = Digest::MD5.digest 'foo'

        digest = OpenSSL::Digest::MD5.new
        digest = OpenSSL::Digest::MD5.hexdigest 'foo'
        digest = OpenSSL::Digest::MD5.new
        digest = OpenSSL::Digest::MD5.base64digest 'foo'
        digest = OpenSSL::Digest::MD5.digest 'foo'
        digest = OpenSSL::Digest.new('MD5').digest 'foo'

        :Digest::MD5.hexdigest(password + salt)
        ::Digest::MD5.hexdigest(password + salt)
    end
end

Compliant Code Examples

require 'digest'
class Good_sha256
    def good_sha_code()
        # Safe: using SHA256 instead of MD5
        sha256 = Digest::SHA256.hexdigest 'foo'
        sha256 = Digest::SHA256.new
        digest = OpenSSL::Digest::SHA256.new
    end
end
https://static.datadoghq.com/static/images/logos/github_avatar.svg https://static.datadoghq.com/static/images/logos/vscode_avatar.svg jetbrains

원활한 통합. Datadog Code Security를 경험해 보세요

Datadog Code Security