Nightly update

sonartech 2021-05-01 01:14:25 +00:00
parent 0b1ee21341
commit 688ea2889d


@ -1,9 +1,6 @@
include::../description.adoc[] include::../description.adoc[]
== Recommended Secure Coding Practices include::../recommended.adoc[]
* Use hashing functions generating their own secure salt or generate a secure random value of at least 32 bytes.
* The salt should be unique by user password.
== Noncompliant Code Example == Noncompliant Code Example
@ -18,7 +15,7 @@ public void Hash(string password)
var shortSalt = new byte[8]; var shortSalt = new byte[8];
RandomNumberGenerator.Create().GetBytes(shortSalt); RandomNumberGenerator.Create().GetBytes(shortSalt);
var fromShort = new Rfc2898DeriveBytes(password, shortSalt); // Noncompliant, salt is too short (should be at least 32 bytes, not 8) var fromShort = new Rfc2898DeriveBytes(password, shortSalt); // Noncompliant, salt is too short (should be at least 16 bytes, not 8)
} }
---- ----
@ -27,7 +24,7 @@ public void Hash(string password)
---- ----
public DeriveBytes Hash(string password) public DeriveBytes Hash(string password)
{ {
return new Rfc2898DeriveBytes(password, 32); return new Rfc2898DeriveBytes(password, 16);
} }
---- ----
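Review bot: The compliant example on the new side, `return new Rfc2898DeriveBytes(password, 16);`, addresses only salt size. That overload leaves the iteration count and hash algorithm at the framework defaults (1000 iterations of HMAC-SHA1), so a reader who copies it as a complete password-hashing recipe gets a weak work factor. Consider adding a comment on that line such as `// demonstrates salt size only; also set an explicit iteration count and HashAlgorithmName`, or switching the example to an overload that takes both. The noncompliant comment now states a 16-byte minimum instead of 32, while the removed bullet said 32; the replacement text lives in `recommended.adoc`, which is not visible here, so it is worth confirming that the included file states the same figure.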