S4790 — Weak hashing algorithms should not be used

Language: VB.NET  |  Type: VULNERABILITY  |  Severity: Critical

Tags: cwe, former-hotspot

Using a weak hashing algorithm to protect sensitive data can compromise the security guarantees the hash is meant to provide.

Why is this an issue?

Cryptographic hash algorithms such as MD2, MD4, MD5, MD6, HAVAL-128, DSA (which uses SHA-1), RIPEMD, RIPEMD-128, RIPEMD-160, and SHA-1 are no longer considered secure, because it is computationally feasible to find two different inputs that produce the same hash output — a collision. Message authentication code (MAC) algorithms such as HMAC-MD5 or HMAC-SHA1 use these weak hash functions as building blocks and are likewise considered legacy algorithms. When a weak hashing algorithm is used to protect sensitive data — such as storing passwords, generating security tokens, or verifying data integrity — its weakness can be exploited to defeat that protection.

What is the potential impact?

Breach of confidentiality

When weak hashing is used for password storage or security tokens, an attacker who obtains the hashed values can recover the original data more easily through brute force or precomputed (rainbow table) attacks.

Data integrity compromise

When weak hashing is used to verify the integrity of data or downloaded files, an attacker can craft a different input that produces the same hash, allowing them to substitute malicious content without detection.

How to fix it

To hash passwords or other sensitive data, use a slow, memory-hard algorithm specifically designed for that purpose. In order of preference: Argon2, scrypt, bcrypt, or PBKDF2. These algorithms make brute-force and rainbow-table attacks computationally expensive.

For non-sensitive use cases such as data integrity or fingerprinting, use a modern cryptographic hash function such as SHA-256, SHA-512, or SHA-3.

Code examples

The following noncompliant example uses a weak hashing algorithm that is vulnerable to collision and preimage attacks.

Noncompliant code example

Imports System.Security.Cryptography

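Sub ComputeHash()
    ' With no argument, Create() returns the default algorithm, which is SHA-1 on .NET Framework.
    Dim hashAlgo As HashAlgorithm = HashAlgorithm.Create() ' Noncompliant
    ' SHA-1 requested by name.
    Dim hashAlgo2 As HashAlgorithm = HashAlgorithm.Create("SHA1") ' Noncompliant
    ' SHA-1 and MD5 instantiated directly.
    Dim sha As SHA1 = New SHA1CryptoServiceProvider() ' Noncompliant
    Dim md5 As MD5 = New MD5CryptoServiceProvider() ' Noncompliant

    ' ...
End Sub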

Compliant solution

Imports System.Security.Cryptography

Sub ComputeHash()
    Dim sha256 = New SHA256CryptoServiceProvider()
    Dim sha384 = New SHA384CryptoServiceProvider()
    Dim sha512 = New SHA512CryptoServiceProvider()

    ' ...
End Sub
