59 lines
2.5 KiB
Plaintext
59 lines
2.5 KiB
Plaintext
== Why is this an issue?
|
|
|
|
The MD5 algorithm and its successor, SHA-1, are no longer considered secure, because it is too easy to create hash collisions with them. That is, it takes too little computational effort to come up with a different input that produces the same MD5 or SHA-1 hash, and using the new, same-hash value gives an attacker the same access as if he had the originally-hashed value. This applies as well to the other Message-Digest algorithms: MD2, MD4, MD6, HAVAL-128, HMAC-MD5, DSA (which uses SHA-1), RIPEMD, RIPEMD-128, RIPEMD-160, HMACRIPEMD160.
|
|
|
|
|
|
The following APIs are tracked for use of obsolete crypto algorithms:
|
|
|
|
* ``++java.security.AlgorithmParameters++`` (JDK)
|
|
* ``++java.security.AlgorithmParameterGenerator++`` (JDK)
|
|
* ``++java.security.MessageDigest++`` (JDK)
|
|
* ``++java.security.KeyFactory++`` (JDK)
|
|
* ``++java.security.KeyPairGenerator++`` (JDK)
|
|
* ``++java.security.Signature++`` (JDK)
|
|
* ``++javax.crypto.Mac++`` (JDK)
|
|
* ``++javax.crypto.KeyGenerator++`` (JDK)
|
|
* ``++org.apache.commons.codec.digest.DigestUtils++`` (Apache Commons Codec)
|
|
* ``++org.springframework.util.DigestUtils++``
|
|
* ``++com.google.common.hash.Hashing++`` (Guava)
|
|
* ``++org.springframework.security.authentication.encoding.ShaPasswordEncoder++`` (Spring Security 4.2.x)
|
|
* ``++org.springframework.security.authentication.encoding.Md5PasswordEncoder++`` (Spring Security 4.2.x)
|
|
* ``++org.springframework.security.crypto.password.LdapShaPasswordEncoder++`` (Spring Security 5.0.x)
|
|
* ``++org.springframework.security.crypto.password.Md4PasswordEncoder++`` (Spring Security 5.0.x)
|
|
* ``++org.springframework.security.crypto.password.MessageDigestPasswordEncoder++`` (Spring Security 5.0.x)
|
|
* ``++org.springframework.security.crypto.password.NoOpPasswordEncoder++`` (Spring Security 5.0.x)
|
|
* ``++org.springframework.security.crypto.password.StandardPasswordEncoder++`` (Spring Security 5.0.x)
|
|
|
|
Consider using safer alternatives, such as SHA-256, SHA-3 or adaptive one way functions like bcrypt or PBKDF2.
|
|
|
|
=== Noncompliant code example
|
|
|
|
[source,java]
|
|
----
|
|
MessageDigest md = MessageDigest.getInstance("SHA1"); // Noncompliant
|
|
----
|
|
|
|
=== Compliant solution
|
|
|
|
[source,java]
|
|
----
|
|
MessageDigest md = MessageDigest.getInstance("SHA-256");
|
|
----
|
|
|
|
include::../see.adoc[]
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
'''
|
|
== Implementation Specification
|
|
(visible only on this page)
|
|
|
|
include::../message.adoc[]
|
|
|
|
'''
|
|
== Comments And Links
|
|
(visible only on this page)
|
|
|
|
include::../comments-and-links.adoc[]
|
|
endif::env-github,rspecator-view[]
|