Avoid weak hash algorithms
ID: csharp-security/weak-hash-algorithms
Language: C#
Severity: Warning
Category: Security
CWE: 328
Description
Avoid unsecured hash algorithms, as they may lead to data leaks. Use safe and proven hash algorithms.
Learn More
Non-Compliant Code Examples
using System.IO;
using System.Security.Cryptography;
class MyClass {
public void myMethod()
{
var hashAlgorithm = HashAlgorithm.Create("SHA1");
}
}
using System.IO;
using System.Security.Cryptography;
class MyClass {
public void myMethod()
{
var hashAlgorithm = new SHA1Managed();
}
}
using System.IO;
using System.Security.Cryptography;
class MyClass {
public void myMethod()
{
var hashAlgorithm = (HashAlgorithm)CryptoConfig.CreateFromName("MD5");
}
}
using System.IO;
using System.Security.Cryptography;
class MyClass {
public void myMethod()
{
var hashAlgorithm = new MD5CryptoServiceProvider();
}
}
Compliant Code Examples
using System.IO;
using System.Security.Cryptography;
class MyClass {
public void myMethod()
{
var hashAlgorithm1 = new SHA512Managed();
var hashAlgorithm2 = (HashAlgorithm)CryptoConfig.CreateFromName("SHA512");
var hashAlgorithm3 = HashAlgorithm.Create("SHA512");
}
}