Nightly update

sonartech 2021-05-01 01:14:25 +00:00
parent 0b1ee21341
commit 688ea2889d


@ -1,9 +1,6 @@
include::../description.adoc[]
== Recommended Secure Coding Practices
* Use hashing functions generating their own secure salt or generate a secure random value of at least 32 bytes.
* The salt should be unique by user password.
include::../recommended.adoc[]
== Noncompliant Code Example
@ -18,7 +15,7 @@ public void Hash(string password)
var shortSalt = new byte[8];
RandomNumberGenerator.Create().GetBytes(shortSalt);
var fromShort = new Rfc2898DeriveBytes(password, shortSalt); // Noncompliant, salt is too short (should be at least 32 bytes, not 8)
var fromShort = new Rfc2898DeriveBytes(password, shortSalt); // Noncompliant, salt is too short (should be at least 16 bytes, not 8)
}
----
@ -27,7 +24,7 @@ public void Hash(string password)
----
public DeriveBytes Hash(string password)
{
return new Rfc2898DeriveBytes(password, 32);
return new Rfc2898DeriveBytes(password, 16);
}
----
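Review bot: The compliant example, on what appears to be its new side, is `return new Rfc2898DeriveBytes(password, 16);`, and that `(string, int saltSize)` overload fixes only the salt. As far as I know it leaves the iteration count and hash algorithm at the constructor defaults (1000 iterations, HMAC-SHA1), so a reader who copies it gets a compliant salt but a weak work factor. Consider showing the overload that sets both, for example `return new Rfc2898DeriveBytes(password, 16, iterations, HashAlgorithmName.SHA256);` with `iterations` taken from current guidance. Otherwise add a comment such as `// only the salt size is shown here; set the iteration count and hash algorithm explicitly in real code`. Separately, the "at least" figure now appears only in the code comment of the noncompliant example, whose `Hash` method starts outside the hunk, so confirm that `../recommended.adoc`, which is not visible here, states the same 16-byte minimum.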