19 lines
828 B
Plaintext
19 lines
828 B
Plaintext
The use of a non-standard algorithm is dangerous because a determined attacker may be able to break the algorithm and compromise whatever data has been protected. Standard algorithms like ``Argon2PasswordHasher``, ``BCryptPasswordHasher``, ... should be used instead.
|
|
|
|
This rule tracks creation of ``BasePasswordHasher`` subclasses for Django applications.
|
|
|
|
include::../recommended.adoc[]
|
|
|
|
== Sensitive Code Example
|
|
|
|
----
|
|
class CustomPasswordHasher(BasePasswordHasher): # Sensitive
|
|
# ...
|
|
----
|
|
|
|
== See
|
|
|
|
* https://www.owasp.org/index.php/Top_10-2017_A3-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure
|
|
* http://cwe.mitre.org/data/definitions/327.html[CWE-327] - Use of a Broken or Risky Cryptographic Algorithm
|
|
* https://www.sans.org/top25-software-errors/#cat3[SANS Top 25] - Porous Defenses
|