Vulnerability

Cryptographic Hash Functions should not use SHA-1 or Message-Digest Algorithms

Description

    This rule states that cryptographic hash functions must not use SHA-1 or the Message-Digest algorithms (such as MD5). Cryptographic hash functions are used to verify the integrity of data. SHA-1 and the Message-Digest algorithms are known to be vulnerable to attack, so use a stronger algorithm, such as SHA-256, to keep the data secure.

Key Benefits

  • Secure: Cryptographic hash functions are designed to provide a high level of security against malicious attacks.
  • Tamper-Proof: Cryptographic hash functions are designed to be tamper-evident, meaning that any alteration of the data changes the resulting hash value.
  • Integrity: Cryptographic hash functions provide assurance of data integrity, showing that the data has not been tampered with or altered in any way.
  • No Collision: Cryptographic hash functions are designed to be collision-resistant, meaning that it is computationally infeasible to find two different inputs that produce the same output.
  • No Reversibility: Cryptographic hash functions are designed to be non-reversible, meaning that it is computationally infeasible to determine the original input from the output.

 

Non-compliant Code Example

global function string callMD5 (integer id)
Blob lblb_data
Blob lblb_md5
lblb_data = Blob("Test MD5", EncodingANSI!)

CrypterObject lnv_CrypterObject
lnv_CrypterObject = Create CrypterObject

// Hash with MD5
lblb_md5 = lnv_CrypterObject.MD5(lblb_data) // MD5 is not compliant

Return ""
end function

global function string testSHA (string text)

Blob lblb_data
Blob lblb_sha1
string ls_result

lblb_data = Blob(text, EncodingANSI!)

CrypterObject lnv_CrypterObject
lnv_CrypterObject = Create CrypterObject

// Hash with SHA-1
lblb_sha1 = lnv_CrypterObject.SHA(SHA1!, lblb_data) // SHA1! is not compliant

// Hex-encode the digest: the raw digest is binary, not ANSI text
CoderObject lnv_CoderObject
lnv_CoderObject = Create CoderObject
ls_result = lnv_CoderObject.HexEncode(lblb_sha1)

Return ls_result
end function

Compliant Code Example

global function string testSHA (string text)

Blob lblb_data
Blob lblb_sha256
string ls_result

lblb_data = Blob(text, EncodingANSI!)

CrypterObject lnv_CrypterObject
lnv_CrypterObject = Create CrypterObject

// Hash with SHA-256
lblb_sha256 = lnv_CrypterObject.SHA(SHA256!, lblb_data) // SHA256! is compliant

// Hex-encode the digest: the raw digest is binary, not ANSI text
CoderObject lnv_CoderObject
lnv_CoderObject = Create CoderObject
ls_result = lnv_CoderObject.HexEncode(lblb_sha256)

Return ls_result
end function
Visual Expert 2023
 VEPBRULE28
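
A minimal way to audit exported PowerScript source for the two call forms this rule flags, written as an added example (it is not Visual Expert's implementation, and the function names are hypothetical). It ignores `//` comments, treats identifiers case-insensitively and joins `&` continuation lines; `/* */` block comments are not handled, and the sample source is constructed.

```python
import re

# The two non-compliant call forms shown on this page.
# PowerScript is case-insensitive, hence re.IGNORECASE.
WEAK_CALLS = [
    ("MD5", re.compile(r"\.\s*MD5\s*\(", re.IGNORECASE)),
    ("SHA-1", re.compile(r"\.\s*SHA\s*\(\s*SHA1!", re.IGNORECASE)),
]

def strip_comment(line):
    """Drop a trailing // comment, ignoring // inside string literals."""
    quote, i = None, 0
    while i < len(line):
        ch = line[i]
        if quote:
            if ch == "~":              # PowerScript escape character
                i += 1
            elif ch == quote:
                quote = None
        elif ch in "\"'":
            quote = ch
        elif line.startswith("//", i):
            return line[:i]
        i += 1
    return line

def find_weak_hashes(source):
    """Return (first_line_of_statement, algorithm) for each weak-hash call."""
    findings, pending, start = [], "", None
    for no, raw in enumerate(source.splitlines(), 1):
        code = strip_comment(raw).rstrip()
        start = start or no
        if code.endswith("&"):         # statement continues on the next line
            pending += code[:-1] + " "
            continue
        stmt = pending + code
        findings += [(start, name) for name, pat in WEAK_CALLS if pat.search(stmt)]
        pending, start = "", None
    return findings

# Constructed sample, modelled on the examples above
SAMPLE = """\
lblb_md5 = lnv_CrypterObject.MD5(lblb_data)
// lblb_old = lnv_CrypterObject.SHA(SHA1!, lblb_data)
lblb_sha = lnv_CrypterObject.sha( &
    sha1!, lblb_data)
lblb_ok = lnv_CrypterObject.SHA(SHA256!, lblb_data)
ls_url = "http://example.test/a"   // string with // inside
"""
print(find_weak_hashes(SAMPLE))
```
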