The use of a non-standard algorithm is dangerous because a determined attacker may be able to break the algorithm and compromise whatever data has been protected. Standard algorithms like ``AES``, ``RSA``, ``SHA``, ... should be used instead.

This rule tracks custom implementation of these types from ``System.Security.Cryptography`` namespace:

* ``AsymmetricAlgorithm``
* ``AsymmetricKeyExchangeDeformatter``
* ``AsymmetricKeyExchangeFormatter``
* ``AsymmetricSignatureDeformatter``
* ``AsymmetricSignatureFormatter``
* ``DeriveBytes``
* ``HashAlgorithm``
* ``ICryptoTransform``
* ``SymmetricAlgorithm``

include::../recommended.adoc[]

== Sensitive Code Example

----
public class CustomHash : HashAlgorithm // Noncompliant
{
    private byte[] result;

    public override void Initialize() => result = null;
    protected override byte[] HashFinal() => result;

    protected override void HashCore(byte[] array, int ibStart, int cbSize) =>
        result ??= array.Take(8).ToArray();
}
----

== Compliant Solution

----
SHA256 mySHA256 = SHA256.Create()
----

include::../see.adoc[]