Vulnerability

SHA-1 and Message-Digest hash algorithms should not be used in secure contexts

Description

    SHA-1 and the Message-Digest hash algorithms (such as MD5) should not be used in secure contexts: they are no longer considered secure and have been replaced by stronger algorithms. They can still be used for non-secure purposes, such as verifying file integrity or generating checksums, but not for authentication or other secure operations. Any application or system that uses these algorithms in a secure context should be updated to use a more secure algorithm.

Key Benefits

  • Improved security: SHA-1 and Message-Digest hash algorithms are susceptible to collision attacks, so keeping them out of secure contexts removes that weakness.
  • Reduced risk: By avoiding the use of SHA-1 and Message-Digest hash algorithms, organizations can reduce the risk of a successful attack.
  • Enhanced authentication: Stronger algorithms, such as SHA-2 and SHA-3, should be used to provide enhanced authentication and integrity protection.

 

Non-compliant Code Example

-- The variable is declared wide enough that the sample string is hashed in full
-- (nvarchar(32) would silently truncate it to 32 characters).
DECLARE @hashText nvarchar(64);
SET @hashText = CONVERT(nvarchar(64), N'asffafffsdfasdaffs%knhtu76sdfasdfafff');
SELECT HASHBYTES('SHA1', @hashText); -- Non-compliant: SHA-1 should not be used in secure contexts

GO

DECLARE @hashText nvarchar(64);
SET @hashText = CONVERT(nvarchar(64), N'asffaffffasdfaadfs%knhtu76sdfasdfafff');
SELECT HASHBYTES('MD5', @hashText); -- Non-compliant: Message-Digest algorithms (here MD5) should not be used in secure contexts

GO
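
Compliant Code Example (added here; not part of the Visual Expert rule text)

A compliant counterpart to the two queries above, followed by an inventory query that lists existing modules still calling HASHBYTES with a weak algorithm. The sample string and column aliases are constructed, and the search only sees literal algorithm names in unencrypted module definitions.

```sql
-- Compliant: SHA2_256 and SHA2_512 are the HASHBYTES algorithms that are
-- not deprecated (SQL Server 2016 and later deprecate all the others).
DECLARE @hashText nvarchar(64);   -- wide enough that the sample is not truncated
SET @hashText = N'constructed-sample-input-for-hashing';   -- constructed value
SELECT HASHBYTES('SHA2_256', @hashText) AS sha2_256_digest,  -- 32-byte digest
       HASHBYTES('SHA2_512', @hashText) AS sha2_512_digest;  -- 64-byte digest
GO

-- Inventory for the current database: procedures, functions, views and
-- triggers whose source calls HASHBYTES with MD2, MD4, MD5, SHA or SHA1.
-- Spaces and tabs are stripped and the text upper-cased before matching,
-- so "hashbytes ( 'md5' , ..." and the N'MD5' form are both caught.
-- Limits (assumptions of this sketch): modules created WITH ENCRYPTION have
-- a NULL definition, and an algorithm name passed through dynamic SQL is
-- not a literal, so neither is reported here.
SELECT s.name         AS schema_name,
       o.name         AS object_name,
       o.type_desc    AS object_type,
       weak.algorithm AS weak_algorithm
FROM sys.sql_modules AS m
JOIN sys.objects     AS o ON o.object_id = m.object_id
JOIN sys.schemas     AS s ON s.schema_id = o.schema_id
CROSS APPLY (VALUES ('MD2'), ('MD4'), ('MD5'), ('SHA'), ('SHA1')) AS weak(algorithm)
CROSS APPLY (SELECT REPLACE(REPLACE(UPPER(m.definition), ' ', ''), CHAR(9), '')
                    AS squeezed) AS src
WHERE src.squeezed LIKE '%HASHBYTES(''' + weak.algorithm + ''',%'
   OR src.squeezed LIKE '%HASHBYTES(N''' + weak.algorithm + ''',%'
ORDER BY s.name, o.name, weak.algorithm;
GO
```

A hit is only a candidate: per the rule above, a use for a non-secure purpose such as a checksum is acceptable, so each result needs a look at what the digest is used for.
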
Visual Expert 2023
 VETSQLRULE59