47 lines
1.2 KiB
Plaintext
47 lines
1.2 KiB
Plaintext
The use of a non-standard algorithm is dangerous because a determined attacker may be able to break the algorithm and compromise whatever data has been protected. Standard algorithms like ``AES``, ``RSA``, ``SHA``, ... should be used instead.
|
|
|
|
This rule tracks custom implementation of these types from ``System.Security.Cryptography`` namespace:
|
|
|
|
* ``AsymmetricAlgorithm``
|
|
* ``AsymmetricKeyExchangeDeformatter``
|
|
* ``AsymmetricKeyExchangeFormatter``
|
|
* ``AsymmetricSignatureDeformatter``
|
|
* ``AsymmetricSignatureFormatter``
|
|
* ``DeriveBytes``
|
|
* ``HashAlgorithm``
|
|
* ``ICryptoTransform``
|
|
* ``SymmetricAlgorithm``
|
|
|
|
include::../recommended.adoc[]
|
|
|
|
== Sensitive Code Example
|
|
|
|
----
|
|
Public Class CustomHash ' Noncompliant
|
|
Inherits HashAlgorithm
|
|
|
|
Private fResult() As Byte
|
|
|
|
Public Overrides Sub Initialize()
|
|
fResult = Nothing
|
|
End Sub
|
|
|
|
Protected Overrides Function HashFinal() As Byte()
|
|
Return fResult
|
|
End Function
|
|
|
|
Protected Overrides Sub HashCore(array() As Byte, ibStart As Integer, cbSize As Integer)
|
|
fResult = If(fResult, array.Take(8).ToArray)
|
|
End Sub
|
|
|
|
End Class
|
|
----
|
|
|
|
== Compliant Solution
|
|
|
|
----
|
|
Dim mySHA256 As SHA256 = SHA256.Create()
|
|
----
|
|
|
|
include::../see.adoc[]
|