INSECURE HASHING

Feature      Value
Type         Detection
Risk         OWASP A3
Covered by   Agent

The application uses a hashing algorithm that does not meet today's generally accepted standards. Cryptography is difficult and there are many minor mistakes which can lead to a cryptosystem leaking information, or worse. Choosing a hashing algorithm that is known to be unsafe is a very common way to completely undermine security. Frequently, the use of a weak algorithm will allow credentials or data to be extracted.

However, using a weak hashing algorithm like MD5 or SHA-1 does not necessarily represent a real risk to your organization. If you are using this hash for authentication or in a cryptographic protocol, then it could be a serious problem. On the other hand, if it is being used as a simple integrity check and not exposed outside your applications, then it could be safe.

Attacks against unsafe digests are more than theoretical; undirected collisions can be found on an average laptop in a few seconds. Directed collisions can be generated with relatively modest resources. That being said, all practical attacks would seem to require cryptographers of rare ability and the resources of a medium to large-sized organization. Therefore, you should decide carefully how likely you are to face such an attack when estimating the severity of this issue.

There is a common saying in cryptography (attributed to the NSA), "Attacks always get better - they never get worse." Make your cryptographic design accordingly! Consider your choice here carefully and consult a cryptography expert if you have questions.

How to solve it

Switching hashing algorithms in the code is fairly easy, although there may be more significant data migration issues.

This code gets an MD5 digest instance. MD5 is considered broken by today's standards because it is not nearly as collision-resistant as once thought:

MessageDigest badDigester = MessageDigest.getInstance("MD5"); // Unsafe

The following code retrieves a SHA-256 digest instance, which is considered much stronger for many reasons (including a 256-bit hash output, which is less likely to fall victim to a birthday attack):

MessageDigest safeDigester = MessageDigest.getInstance("SHA-256"); // Safe!
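
The data migration issue mentioned above, sketched as an added example (not code from this page or its product): stored integrity digests are verified with the algorithm they were created with and re-hashed with SHA-256 on the first successful check. The class name, the "<algorithm>:<hex>" storage format and the rule that untagged values are legacy MD5 are assumptions of this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HexFormat; // Java 17+

// Hypothetical helper: stored digests are tagged "<algorithm>:<hex>";
// untagged values are treated as legacy MD5 (an assumption of this example).
public class DigestMigration {
    static final String CURRENT = "SHA-256";

    static String digest(String algorithm, byte[] data) throws NoSuchAlgorithmException {
        byte[] hash = MessageDigest.getInstance(algorithm).digest(data);
        return algorithm + ":" + HexFormat.of().formatHex(hash);
    }

    // Returns null if the data does not match the stored digest; otherwise
    // returns the value to keep in storage (re-hashed if it was legacy MD5).
    static String verifyAndUpgrade(String stored, byte[] data) throws NoSuchAlgorithmException {
        int sep = stored.indexOf(':');
        String algorithm = sep < 0 ? "MD5" : stored.substring(0, sep);
        String expectedHex = stored.substring(sep + 1);
        if (!algorithm.equals("MD5") && !algorithm.equals(CURRENT)) {
            return null; // unknown tag: reject rather than guess
        }
        byte[] expected;
        try {
            expected = HexFormat.of().parseHex(expectedHex);
        } catch (IllegalArgumentException e) {
            return null; // malformed stored value
        }
        byte[] actual = MessageDigest.getInstance(algorithm).digest(data);
        // MessageDigest.isEqual compares the two arrays in constant time
        if (!MessageDigest.isEqual(expected, actual)) {
            return null;
        }
        return algorithm.equals(CURRENT) ? stored : digest(CURRENT, data);
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // Constructed sample data, standing in for a stored record
        byte[] doc = "constructed sample record".getBytes(StandardCharsets.UTF_8);
        String legacy = digest("MD5", doc).substring("MD5:".length()); // untagged legacy value
        String upgraded = verifyAndUpgrade(legacy, doc);
        System.out.println("legacy   -> " + upgraded);
        System.out.println("current  -> " + verifyAndUpgrade(upgraded, doc));
        System.out.println("tampered -> " + verifyAndUpgrade(upgraded, "x".getBytes(StandardCharsets.UTF_8)));
    }
}
```

A record upgraded this way is only as trustworthy as its last MD5 check; the SHA-256 digest protects it from that point onwards.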