The MD5 algorithm and its successor, SHA-1, are no longer considered secure, because it is too easy to create hash collisions with them. That is, it takes too little computational effort to come up with a different input that produces the same MD5 or SHA-1 hash, and using the new, same-hash value gives an attacker the same access as if he had the originally-hashed value. This applies as well to the other Message-Digest algorithms: MD2, MD4, MD6, HAVAL-128, HMAC-MD5, DSA (which uses SHA-1), RIPEMD, RIPEMD-128, RIPEMD-160, HMACRIPEMD160. The following APIs are tracked for use of obsolete crypto algorithms: * java.security.AlgorithmParameters (JDK) * java.security.AlgorithmParameterGenerator (JDK) * java.security.MessageDigest (JDK) * java.security.KeyFactory (JDK) * java.security.KeyPairGenerator (JDK) * java.security.Signature (JDK) * javax.crypto.Mac (JDK) * javax.crypto.KeyGenerator (JDK) * org.apache.commons.codec.digest.DigestUtils (Apache Commons Codec) * org.springframework.util.DigestUtils * com.google.common.hash.Hashing (Guava) * org.springframework.security.authentication.encoding.ShaPasswordEncoder (Spring Security 4.2.x) * org.springframework.security.authentication.encoding.Md5PasswordEncoder (Spring Security 4.2.x) * org.springframework.security.crypto.password.LdapShaPasswordEncoder (Spring Security 5.0.x) * org.springframework.security.crypto.password.Md4PasswordEncoder (Spring Security 5.0.x) * org.springframework.security.crypto.password.MessageDigestPasswordEncoder (Spring Security 5.0.x) * org.springframework.security.crypto.password.NoOpPasswordEncoder (Spring Security 5.0.x) * org.springframework.security.crypto.password.StandardPasswordEncoder (Spring Security 5.0.x) Consider using safer alternatives, such as SHA-256, SHA-3 or adaptive one way functions like bcrypt or PBKDF2. == Noncompliant Code Example ---- MessageDigest md = MessageDigest.getInstance("SHA1"); // Noncompliant ---- == Compliant Solution ---- MessageDigest md = MessageDigest.getInstance("SHA-256"); ---- include::../see.adoc[]