50 lines
1.3 KiB
Plaintext
50 lines
1.3 KiB
Plaintext
The use of a non-standard algorithm is dangerous because a determined attacker may be able to break the algorithm and compromise whatever data has been protected. Standard algorithms like ``++AES++``, ``++RSA++``, ``++SHA++``, ... should be used instead.
|
|
|
|
|
|
This rule tracks custom implementation of these types from ``++System.Security.Cryptography++`` namespace:
|
|
|
|
* ``++AsymmetricAlgorithm++``
|
|
* ``++AsymmetricKeyExchangeDeformatter++``
|
|
* ``++AsymmetricKeyExchangeFormatter++``
|
|
* ``++AsymmetricSignatureDeformatter++``
|
|
* ``++AsymmetricSignatureFormatter++``
|
|
* ``++DeriveBytes++``
|
|
* ``++HashAlgorithm++``
|
|
* ``++ICryptoTransform++``
|
|
* ``++SymmetricAlgorithm++``
|
|
|
|
include::../recommended.adoc[]
|
|
|
|
== Sensitive Code Example
|
|
|
|
----
|
|
public class CustomHash : HashAlgorithm // Noncompliant
|
|
{
|
|
private byte[] result;
|
|
|
|
public override void Initialize() => result = null;
|
|
protected override byte[] HashFinal() => result;
|
|
|
|
protected override void HashCore(byte[] array, int ibStart, int cbSize) =>
|
|
result ??= array.Take(8).ToArray();
|
|
}
|
|
----
|
|
|
|
== Compliant Solution
|
|
|
|
[source,csharp]
|
|
----
|
|
SHA256 mySHA256 = SHA256.Create()
|
|
----
|
|
|
|
include::../see.adoc[]
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
'''
|
|
== Implementation Specification
|
|
(visible only on this page)
|
|
|
|
include::../message.adoc[]
|
|
|
|
endif::env-github,rspecator-view[]
|