rspec/rules/S2070/java/rule.adoc

The MD5 algorithm and its successor, SHA-1, are no longer considered secure, because it is too easy to create hash collisions with them. That is, it takes too little computational effort to come up with a different input that produces the same MD5 or SHA-1 hash, and using the new, same-hash value gives an attacker the same access as if he had the originally-hashed value. This applies as well to the other Message-Digest algorithms: MD2, MD4, MD6, HAVAL-128, HMAC-MD5, DSA (which uses SHA-1), RIPEMD, RIPEMD-128, RIPEMD-160, HMACRIPEMD160.

The following APIs are tracked for use of obsolete crypto algorithms:
* <code>java.security.AlgorithmParameters</code>  (JDK)
* <code>java.security.AlgorithmParameterGenerator</code> (JDK)
* <code>java.security.MessageDigest</code> (JDK)
* <code>java.security.KeyFactory</code> (JDK)
* <code>java.security.KeyPairGenerator</code> (JDK)
* <code>java.security.Signature</code> (JDK)
* <code>javax.crypto.Mac</code> (JDK)
* <code>javax.crypto.KeyGenerator</code> (JDK)
* <code>org.apache.commons.codec.digest.DigestUtils</code>  (Apache Commons Codec)
* <code>org.springframework.util.DigestUtils</code>
* <code>com.google.common.hash.Hashing</code> (Guava)
* <code>org.springframework.security.authentication.encoding.ShaPasswordEncoder</code> (Spring Security 4.2.x)
* <code>org.springframework.security.authentication.encoding.Md5PasswordEncoder</code> (Spring Security 4.2.x)
* <code>org.springframework.security.crypto.password.LdapShaPasswordEncoder</code> (Spring Security 5.0.x)
* <code>org.springframework.security.crypto.password.Md4PasswordEncoder</code> (Spring Security 5.0.x)
* <code>org.springframework.security.crypto.password.MessageDigestPasswordEncoder</code> (Spring Security 5.0.x)
* <code>org.springframework.security.crypto.password.NoOpPasswordEncoder</code> (Spring Security 5.0.x)
* <code>org.springframework.security.crypto.password.StandardPasswordEncoder</code> (Spring Security 5.0.x)

Consider using safer alternatives, such as SHA-256, SHA-3 or adaptive one way functions like bcrypt or PBKDF2.

== Noncompliant Code Example

----
MessageDigest md = MessageDigest.getInstance("SHA1");  // Noncompliant
----

== Compliant Solution

----
MessageDigest md = MessageDigest.getInstance("SHA-256");
----

include::../see.adoc[]
Add rules 2000-2999 2020-06-30 12:48:07 +02:00			The MD5 algorithm and its successor, SHA-1, are no longer considered secure, because it is too easy to create hash collisions with them. That is, it takes too little computational effort to come up with a different input that produces the same MD5 or SHA-1 hash, and using the new, same-hash value gives an attacker the same access as if he had the originally-hashed value. This applies as well to the other Message-Digest algorithms: MD2, MD4, MD6, HAVAL-128, HMAC-MD5, DSA (which uses SHA-1), RIPEMD, RIPEMD-128, RIPEMD-160, HMACRIPEMD160.

			`The following APIs are tracked for use of obsolete crypto algorithms:`
			`* <code>java.security.AlgorithmParameters</code> (JDK)`
			`* <code>java.security.AlgorithmParameterGenerator</code> (JDK)`
			`* <code>java.security.MessageDigest</code> (JDK)`
			`* <code>java.security.KeyFactory</code> (JDK)`
			`* <code>java.security.KeyPairGenerator</code> (JDK)`
			`* <code>java.security.Signature</code> (JDK)`
			`* <code>javax.crypto.Mac</code> (JDK)`
			`* <code>javax.crypto.KeyGenerator</code> (JDK)`
			`* <code>org.apache.commons.codec.digest.DigestUtils</code> (Apache Commons Codec)`
			`* <code>org.springframework.util.DigestUtils</code>`
			`* <code>com.google.common.hash.Hashing</code> (Guava)`
			`* <code>org.springframework.security.authentication.encoding.ShaPasswordEncoder</code> (Spring Security 4.2.x)`
			`* <code>org.springframework.security.authentication.encoding.Md5PasswordEncoder</code> (Spring Security 4.2.x)`
			`* <code>org.springframework.security.crypto.password.LdapShaPasswordEncoder</code> (Spring Security 5.0.x)`
			`* <code>org.springframework.security.crypto.password.Md4PasswordEncoder</code> (Spring Security 5.0.x)`
			`* <code>org.springframework.security.crypto.password.MessageDigestPasswordEncoder</code> (Spring Security 5.0.x)`
			`* <code>org.springframework.security.crypto.password.NoOpPasswordEncoder</code> (Spring Security 5.0.x)`
			`* <code>org.springframework.security.crypto.password.StandardPasswordEncoder</code> (Spring Security 5.0.x)`

			`Consider using safer alternatives, such as SHA-256, SHA-3 or adaptive one way functions like bcrypt or PBKDF2.`

			`== Noncompliant Code Example`

			`----`
			`MessageDigest md = MessageDigest.getInstance("SHA1"); // Noncompliant`
			`----`

			`== Compliant Solution`

			`----`
			`MessageDigest md = MessageDigest.getInstance("SHA-256");`
			`----`

			`include::../see.adoc[]`