Vulnerability

SHA-1 and Message-Digest hash algorithms should not be used in secure contexts

Description

    The rule "SHA-1 and Message-Digest hash algorithms should not be used in secure contexts" means that these algorithms should not be used when data security is a priority. SHA-1 and the Message-Digest family (such as MD5) are hashing algorithms that compute a fixed-size value (or "hash") from a given set of data. Such hashes can be used to verify the integrity of data, but these algorithms are vulnerable to collision attacks and are not considered secure enough for use in secure contexts.

Key Benefits

  • Increased Security: SHA-1 and Message-Digest hash algorithms are not considered secure enough for use in secure contexts, as they are vulnerable to attack and can be easily broken.
  • Improved Performance: SHA-2 and SHA-3 algorithms provide improved performance and security compared to SHA-1 and Message-Digest hash algorithms.
  • Enhanced Reliability: SHA-2 and SHA-3 algorithms have been designed to be more reliable and secure than SHA-1 and Message-Digest hash algorithms.
  • Improved Compatibility: SHA-2 and SHA-3 algorithms are more compatible with modern hardware and software than SHA-1 and Message-Digest hash algorithms.

 

Non-compliant Code Example

DECLARE
	hash_value RAW(16); -- an MD5 digest is 16 bytes; DBMS_CRYPTO.HASH returns RAW
BEGIN

  -- Non-compliant: a Message-Digest algorithm (MD5) is used in a secure context
  hash_value := DBMS_CRYPTO.HASH(UTL_RAW.CAST_TO_RAW('demo text source'), DBMS_CRYPTO.HASH_MD5);

END;

Compliant Code Example

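DECLARE
	hash_value RAW(32); -- a SHA-256 digest is 32 bytes; DBMS_CRYPTO.HASH returns RAW
BEGIN

  -- Compliant: SHA-256 (SHA-2 family) is used
  hash_value := DBMS_CRYPTO.HASH(UTL_RAW.CAST_TO_RAW('demo text source'), DBMS_CRYPTO.HASH_SH256);

END;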
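
An added example, not part of Visual Expert or of the original rule page: a small Python scanner that applies this rule to PL/SQL source text, reporting DBMS_CRYPTO.HASH calls that pass the MD4, MD5 or SHA-1 constants while ignoring comments and string literals. The names find_weak_hashes, WEAK and SAMPLE are assumptions made for illustration, and the sample source is constructed.

```python
import re

# Oracle DBMS_CRYPTO hash-type constants covered by the rule (MD4, MD5, SHA-1).
WEAK = {"HASH_MD4": "MD4", "HASH_MD5": "MD5", "HASH_SH1": "SHA-1"}
# "--" line comments, /* */ block comments and '...' string literals.
_SKIP = re.compile(r"--[^\n]*|/\*.*?\*/|'(?:[^']|'')*'", re.S)

# Constructed PL/SQL sample: two real findings, one commented-out call,
# one constant name that appears only inside a string, one compliant call.
SAMPLE = """\
DECLARE
  h RAW(32);
BEGIN
  h := DBMS_CRYPTO.HASH(UTL_RAW.CAST_TO_RAW('x'), DBMS_CRYPTO.HASH_MD5);
  -- h := DBMS_CRYPTO.HASH(src, DBMS_CRYPTO.HASH_SH1);  (commented out)
  h := dbms_crypto.hash(
         src => UTL_RAW.CAST_TO_RAW('uses HASH_MD4 in text only'),
         typ => dbms_crypto.hash_sh1);
  h := DBMS_CRYPTO.HASH(UTL_RAW.CAST_TO_RAW('x'), DBMS_CRYPTO.HASH_SH256);
END;
"""

def _blank(match):
    # Replace with spaces but keep newlines so line numbers stay correct.
    return re.sub(r"[^\n]", " ", match.group(0))

def find_weak_hashes(source):
    """Return [(line_number, algorithm)] for DBMS_CRYPTO.HASH calls using a weak constant."""
    code = _SKIP.sub(_blank, source)
    findings = []
    for call in re.finditer(r"\bDBMS_CRYPTO\s*\.\s*HASH\s*\(", code, re.I):
        # Walk to the parenthesis that closes this call (arguments may nest).
        depth, end = 1, call.end()
        while end < len(code) and depth:
            depth += {"(": 1, ")": -1}.get(code[end], 0)
            end += 1
        args = code[call.end():end]
        for tok in re.finditer(r"\bHASH_\w+", args, re.I):
            algo = WEAK.get(tok.group(0).upper())
            if algo:
                line = code.count("\n", 0, call.end() + tok.start()) + 1
                findings.append((line, algo))
    return findings

if __name__ == "__main__":
    print(find_weak_hashes(SAMPLE))
```

The scanner only inspects the arguments of DBMS_CRYPTO.HASH, so a weak constant passed through a variable or a numeric literal is not reported.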
Visual Expert 2023
 VEPLSQLRULE137