Cryptographic Hash Functions should not use SHA-1 or Message-Digest Algorithms
Description
This rule requires that code using cryptographic hash functions does not use SHA-1 or the Message-Digest algorithms (such as MD5). Cryptographic hash functions are used to verify the integrity of data. SHA-1 and the Message-Digest algorithms are known to be vulnerable to attack, so a stronger algorithm, such as SHA-256, should be used instead.
Key Benefits
- Secure: Cryptographic hash functions are designed to provide a high level of security against malicious attacks.
- Tamper-Proof: Data protected by a cryptographic hash cannot be altered without the change being detectable.
- Integrity: Cryptographic hash functions provide assurance of data integrity, showing that the data has not been tampered with or altered.
- No Collision: Cryptographic hash functions are designed to be collision-resistant, meaning that it is computationally infeasible to find two different inputs that produce the same output.
- No Reversibility: Cryptographic hash functions are designed to be non-reversible, meaning that it is computationally infeasible to determine the original input from the output.
Non-compliant Code Example
global function string callMD5 (integer id)
    Blob lblb_data
    Blob lblb_md5
    lblb_data = Blob("Test MD5", EncodingANSI!)
    CrypterObject lnv_CrypterObject
    lnv_CrypterObject = Create CrypterObject
    // Hash with MD5
    lblb_md5 = lnv_CrypterObject.MD5(lblb_data) // MD5 is not compliant
    Return ""
end function

global function string testSHA (string text)
    Blob lblb_data
    Blob lblb_sha1
    string ls_result
    lblb_data = Blob(text, EncodingANSI!)
    CrypterObject lnv_CrypterObject
    lnv_CrypterObject = Create CrypterObject
    // Hash with SHA-1
    lblb_sha1 = lnv_CrypterObject.SHA(SHA1!, lblb_data) // SHA1! is not compliant
    ls_result = string(lblb_sha1, EncodingANSI!)
    Return ls_result
end function
Compliant Code Example
global function string testSHA (string text)
    Blob lblb_data
    Blob lblb_sha1
    string ls_result
    lblb_data = Blob(text, EncodingANSI!)
    CrypterObject lnv_CrypterObject
    lnv_CrypterObject = Create CrypterObject
    // Hash with SHA-256
    lblb_sha1 = lnv_CrypterObject.SHA(SHA256!, lblb_data) // SHA256! is compliant
    ls_result = string(lblb_sha1, EncodingANSI!)
    Return ls_result
end function
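
One way to check PowerScript source against this rule, as an added Python example that is not code from the original page or from any analyzer: it flags the `.MD5(` and `.SHA(SHA1!` calls shown in the non-compliant example and ignores mentions inside `//` comments and string literals. The function names and the sample input are constructed for illustration, and `/* */` block comments are assumed not to occur.

```python
import re

# Patterns for the two non-compliant calls shown on this page.
# PowerScript is case-insensitive, so matching ignores case.
WEAK_CALLS = [
    ("MD5", re.compile(r"\.\s*md5\s*\(", re.IGNORECASE)),
    ("SHA-1", re.compile(r"\.\s*sha\s*\(\s*sha1!", re.IGNORECASE)),
]

# A string literal (with ~ escapes) or a // comment; both are blanked
# before matching so text such as "use .MD5(" in a message is not flagged.
_NOISE = re.compile(r'"(?:~.|[^"~])*"|\'(?:~.|[^\'~])*\'|//.*')


def strip_noise(line):
    """Replace string literals with "" and drop // comments."""
    return _NOISE.sub(lambda m: "" if m.group().startswith("//") else '""', line)


def find_weak_hashes(source):
    """Return (line_number, algorithm, stripped_line) for each weak hash call."""
    findings = []
    for number, line in enumerate(source.splitlines(), start=1):
        code = strip_noise(line)
        for algorithm, pattern in WEAK_CALLS:
            if pattern.search(code):
                findings.append((number, algorithm, line.strip()))
    return findings


# Constructed sample input, modelled on the examples above.
SAMPLE = '''\
lblb_md5 = lnv_CrypterObject.MD5(lblb_data)
lblb_sha1 = lnv_CrypterObject.SHA(SHA1!, lblb_data)
lblb_hash = lnv_crypterobject.sha( sha1! , lblb_data)
lblb_sha256 = lnv_CrypterObject.SHA(SHA256!, lblb_data)
// lnv_CrypterObject.MD5(lblb_data) was removed
ls_msg = "do not call .MD5( here"
'''

if __name__ == "__main__":
    for number, algorithm, text in find_weak_hashes(SAMPLE):
        print(f"line {number}: {algorithm} is not compliant: {text}")
```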