org.sonar.l10n.java.rules.squid.S2257.html Maven / Gradle / Ivy

Go to download

Show more of this group Show more artifacts with this name
Show all versions of java-checks Show documentation

There is a newer version: 8.6.0.37351

The use of a non-standard algorithm is dangerous because a determined attacker may be able to break the algorithm and compromise whatever data has been protected. Standard algorithms like SHA-256, SHA-384, SHA-512, ... should be used instead.
This rule tracks creation of java.security.MessageDigest subclasses.
Noncompliant Code Example

MyCryptographicAlgorithm extends MessageDigest {
  ...
}

See


 CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
 OWASP Top Ten 2013 Category A6 - Sensitive Data Exposure
 SANS Top 25 - Porous Defenses
 Derived from FindSecBugs rule MessageDigest is Custom