rspec/rules/S2070/java/rule.adoc

The MD5 algorithm and its successor, SHA-1, are no longer considered secure, because it is too easy to create hash collisions with them. That is, it takes too little computational effort to come up with a different input that produces the same MD5 or SHA-1 hash, and using the new, same-hash value gives an attacker the same access as if he had the originally-hashed value. This applies as well to the other Message-Digest algorithms: MD2, MD4, MD6, HAVAL-128, HMAC-MD5, DSA (which uses SHA-1), RIPEMD, RIPEMD-128, RIPEMD-160, HMACRIPEMD160.

The following APIs are tracked for use of obsolete crypto algorithms:

* ``java.security.AlgorithmParameters``  (JDK)
* ``java.security.AlgorithmParameterGenerator`` (JDK)
* ``java.security.MessageDigest`` (JDK)
* ``java.security.KeyFactory`` (JDK)
* ``java.security.KeyPairGenerator`` (JDK)
* ``java.security.Signature`` (JDK)
* ``javax.crypto.Mac`` (JDK)
* ``javax.crypto.KeyGenerator`` (JDK)
* ``org.apache.commons.codec.digest.DigestUtils``  (Apache Commons Codec)
* ``org.springframework.util.DigestUtils``
* ``com.google.common.hash.Hashing`` (Guava)
* ``org.springframework.security.authentication.encoding.ShaPasswordEncoder`` (Spring Security 4.2.x)
* ``org.springframework.security.authentication.encoding.Md5PasswordEncoder`` (Spring Security 4.2.x)
* ``org.springframework.security.crypto.password.LdapShaPasswordEncoder`` (Spring Security 5.0.x)
* ``org.springframework.security.crypto.password.Md4PasswordEncoder`` (Spring Security 5.0.x)
* ``org.springframework.security.crypto.password.MessageDigestPasswordEncoder`` (Spring Security 5.0.x)
* ``org.springframework.security.crypto.password.NoOpPasswordEncoder`` (Spring Security 5.0.x)
* ``org.springframework.security.crypto.password.StandardPasswordEncoder`` (Spring Security 5.0.x)

Consider using safer alternatives, such as SHA-256, SHA-3 or adaptive one way functions like bcrypt or PBKDF2.

== Noncompliant Code Example

----
MessageDigest md = MessageDigest.getInstance("SHA1");  // Noncompliant
----

== Compliant Solution

----
MessageDigest md = MessageDigest.getInstance("SHA-256");
----

include::../see.adoc[]
Add rules 2000-2999 2020-06-30 12:48:07 +02:00			The MD5 algorithm and its successor, SHA-1, are no longer considered secure, because it is too easy to create hash collisions with them. That is, it takes too little computational effort to come up with a different input that produces the same MD5 or SHA-1 hash, and using the new, same-hash value gives an attacker the same access as if he had the originally-hashed value. This applies as well to the other Message-Digest algorithms: MD2, MD4, MD6, HAVAL-128, HMAC-MD5, DSA (which uses SHA-1), RIPEMD, RIPEMD-128, RIPEMD-160, HMACRIPEMD160.

			`The following APIs are tracked for use of obsolete crypto algorithms:`
Fix code block ambiguity with old header style Ensure blank line before list and clean the one leading space 2020-06-30 14:49:38 +02:00
change the inline-code delimitters 2020-12-23 14:59:06 +01:00			* ``java.security.AlgorithmParameters`` (JDK)
			* ``java.security.AlgorithmParameterGenerator`` (JDK)
			* ``java.security.MessageDigest`` (JDK)
			* ``java.security.KeyFactory`` (JDK)
			* ``java.security.KeyPairGenerator`` (JDK)
			* ``java.security.Signature`` (JDK)
			* ``javax.crypto.Mac`` (JDK)
			* ``javax.crypto.KeyGenerator`` (JDK)
			* ``org.apache.commons.codec.digest.DigestUtils`` (Apache Commons Codec)
			* ``org.springframework.util.DigestUtils``
			* ``com.google.common.hash.Hashing`` (Guava)
			* ``org.springframework.security.authentication.encoding.ShaPasswordEncoder`` (Spring Security 4.2.x)
			* ``org.springframework.security.authentication.encoding.Md5PasswordEncoder`` (Spring Security 4.2.x)
			* ``org.springframework.security.crypto.password.LdapShaPasswordEncoder`` (Spring Security 5.0.x)
			* ``org.springframework.security.crypto.password.Md4PasswordEncoder`` (Spring Security 5.0.x)
			* ``org.springframework.security.crypto.password.MessageDigestPasswordEncoder`` (Spring Security 5.0.x)
			* ``org.springframework.security.crypto.password.NoOpPasswordEncoder`` (Spring Security 5.0.x)
			* ``org.springframework.security.crypto.password.StandardPasswordEncoder`` (Spring Security 5.0.x)
Add rules 2000-2999 2020-06-30 12:48:07 +02:00
			`Consider using safer alternatives, such as SHA-256, SHA-3 or adaptive one way functions like bcrypt or PBKDF2.`

			`== Noncompliant Code Example`

			`----`
			`MessageDigest md = MessageDigest.getInstance("SHA1"); // Noncompliant`
			`----`

			`== Compliant Solution`

			`----`
			`MessageDigest md = MessageDigest.getInstance("SHA-256");`
			`----`

			`include::../see.adoc[]`