The use of a non-standard algorithm is dangerous because a determined attacker may be able to break the algorithm and compromise whatever data has been protected. Standard algorithms like ``AES``, ``RSA``, ``SHA``, ... should be used instead.

This rule tracks custom implementations of these types from the ``System.Security.Cryptography`` namespace:

* ``AsymmetricAlgorithm``
* ``AsymmetricKeyExchangeDeformatter``
* ``AsymmetricKeyExchangeFormatter``
* ``AsymmetricSignatureDeformatter``
* ``AsymmetricSignatureFormatter``
* ``DeriveBytes``
* ``HashAlgorithm``
* ``ICryptoTransform``
* ``SymmetricAlgorithm``

include::../recommended.adoc[]

== Sensitive Code Example

----
Imports System.Linq
Imports System.Security.Cryptography

Public Class CustomHash ' Noncompliant
    Inherits HashAlgorithm

    Private fResult() As Byte

    Public Overrides Sub Initialize()
        fResult = Nothing
    End Sub

    Protected Overrides Function HashFinal() As Byte()
        Return fResult
    End Function

    ' The "digest" is only the first 8 bytes of the first block seen
    Protected Overrides Sub HashCore(array() As Byte, ibStart As Integer, cbSize As Integer)
        fResult = If(fResult, array.Take(8).ToArray())
    End Sub
End Class
----

== Compliant Solution

----
Dim mySHA256 As SHA256 = SHA256.Create()
----

include::../see.adoc[]
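
The difference between the sensitive code example and the compliant solution above can be seen by hashing two different messages with each. This is an added example, not part of the original rule text: the `Demo` module and both message strings are constructed for illustration, and `CustomHash` is reproduced from the sensitive example.

```vbnet
Imports System
Imports System.Linq
Imports System.Security.Cryptography
Imports System.Text

' Reproduced from the sensitive example: the "digest" is the first 8 input bytes.
Public Class CustomHash
    Inherits HashAlgorithm

    Private fResult() As Byte

    Public Overrides Sub Initialize()
        fResult = Nothing
    End Sub

    Protected Overrides Function HashFinal() As Byte()
        Return fResult
    End Function

    Protected Overrides Sub HashCore(array() As Byte, ibStart As Integer, cbSize As Integer)
        fResult = If(fResult, array.Take(8).ToArray())
    End Sub
End Class

Module Demo
    Sub Main()
        ' Constructed sample inputs: different content, identical first 8 bytes.
        Dim a As Byte() = Encoding.UTF8.GetBytes("transfer 10 EUR to account 1111")
        Dim b As Byte() = Encoding.UTF8.GetBytes("transfer 9000 EUR to account 2222")

        ' Custom algorithm: both messages produce the same digest, so a
        ' modified message passes an integrity check based on it.
        Using weak As New CustomHash()
            Dim wa As Byte() = weak.ComputeHash(a)
            Dim wb As Byte() = weak.ComputeHash(b)
            Console.WriteLine("CustomHash digests equal: " & wa.SequenceEqual(wb).ToString())
        End Using

        ' Standard algorithm obtained through the framework factory method.
        Using sha As SHA256 = SHA256.Create()
            Dim sa As Byte() = sha.ComputeHash(a)
            Dim sb As Byte() = sha.ComputeHash(b)
            Console.WriteLine("SHA256 digests equal: " & sa.SequenceEqual(sb).ToString())
        End Using
    End Sub
End Module
```

The first line reports `True` and the second `False`: the custom digest ignores everything after the eighth byte, while SHA-256 reflects the whole message.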