Avoid weak hash algorithms.

This product is not supported for your selected Datadog site. ().
Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel, n'hésitez pas à nous contacter.

Metadata

ID: elixir-security/weak-hash-algorithms

Language: Elixir

Severity: Error

Category: Security

CWE: 328

Description

Avoid unsecured hash algorithms, as they may lead to data leaks. Use safe and proven hash algorithms.

Learn More

Non-Compliant Code Examples

# The hash functions with md5, sha1, ripemd (128-bit), and sha should be highlighted,
# as they are cryptographically weak and can be easily broken.
defmodule InsecureHashExample do
  # Insecure hash function using MD5
  defp insecure_hash_one(data) do
  # check this
    :cr.hash(data, :md5) |> Base.encode16(case: :lower)
  end
  # Insecure hash function using sha1
  defp insecure_hash_one(data) do
    # validate spacing 
    :crypto.hash(data, :sha1) |> Base.encode16(case: :lower)
  end

# Spacing does not matter
:crypto. hash(:md5, data)

hex = Base.encode16(:crypto. hash(:ripemd160, data))

Compliant Code Examples

# The hash functions other than md5, sha1, ripemd (128-bit), and sha are not highlighted
# as they are cryptographically strong and cannot be broken via standard hardware.
defmodule PasswordCompare do
  def option_one(password, md5_hash) do
    case :crypto.hash(:sha2, password) == md5_hash do
      true -> :entry_granted_op1
      false -> :entry_denied_op1
    end
  end
end
a = :crypto.hash(:sha3, something)
https://static.datadoghq.com/static/images/logos/github_avatar.svg https://static.datadoghq.com/static/images/logos/vscode_avatar.svg jetbrains

Seamless integrations. Try Datadog Code Security

Datadog Code Security
PREVIEWING: heston/DOCS-10466