Avoid weak hash algorithms

Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel, n'hésitez pas à nous contacter.

Metadata

ID: csharp-security/weak-hash-algorithms

Language: C#

Severity: Warning

Category: Security

CWE: 328

Description

Avoid unsecured hash algorithms, as they may lead to data leaks. Use safe and proven hash algorithms.

Learn More

Non-Compliant Code Examples

using System.IO;
using System.Security.Cryptography;

class MyClass {
    public void myMethod()
    {
        var hashAlgorithm = HashAlgorithm.Create("SHA1");
    }
}

using System.IO;
using System.Security.Cryptography;

class MyClass {
    public void myMethod()
    {
        var hashAlgorithm = new SHA1Managed();
    }
}

using System.IO;
using System.Security.Cryptography;

class MyClass {
    public void myMethod()
    {
        var hashAlgorithm = (HashAlgorithm)CryptoConfig.CreateFromName("MD5");
    }
}

using System.IO;
using System.Security.Cryptography;

class MyClass {
    public void myMethod()
    {
        var hashAlgorithm = new MD5CryptoServiceProvider();
    }
}

Compliant Code Examples

using System.IO;
using System.Security.Cryptography;

class MyClass {
    public void myMethod()
    {
        var hashAlgorithm1 = new SHA512Managed();
        var hashAlgorithm2 = (HashAlgorithm)CryptoConfig.CreateFromName("SHA512");
        var hashAlgorithm3 = HashAlgorithm.Create("SHA512");
    }
}
https://static.datadoghq.com/static/images/logos/github_avatar.svg https://static.datadoghq.com/static/images/logos/vscode_avatar.svg jetbrains

Seamless integrations. Try Datadog Code Analysis

Datadog Code Analysis
PREVIEWING: may/unit-testing