rspec/rules/S2053/description.adoc

In cryptography, a "salt" is an extra piece of data which is included when hashing a password. This makes ``++rainbow-table attacks++`` more difficult. Using a cryptographic hash function without an unpredictable salt increases the likelihood that an attacker could successfully find the hash value in databases of precomputed hashes (called ``++rainbow-tables++``).


This rule raises an issue when a hashing function which has been specifically designed for hashing passwords, such as ``++PBKDF2++``, is used with a non-random, reused or too short salt value. It does not raise an issue on base hashing algorithms such as ``++sha1++`` or ``++md5++`` as they should not be used to hash passwords.
Undo the abuse of compatibleLanguages metadata field 2021-02-16 15:00:44 +01:00			In cryptography, a "salt" is an extra piece of data which is included when hashing a password. This makes ``++rainbow-table attacks++`` more difficult. Using a cryptographic hash function without an unpredictable salt increases the likelihood that an attacker could successfully find the hash value in databases of precomputed hashes (called ``++rainbow-tables++``).
Add rules 2000-2999 2020-06-30 12:48:07 +02:00
Force linebreaks 2021-02-02 15:02:10 +01:00
Undo the abuse of compatibleLanguages metadata field 2021-02-16 15:00:44 +01:00			This rule raises an issue when a hashing function which has been specifically designed for hashing passwords, such as ``++PBKDF2++``, is used with a non-random, reused or too short salt value. It does not raise an issue on base hashing algorithms such as ``++sha1++`` or ``++md5++`` as they should not be used to hash passwords.