Cryptographic hash algorithms such as MD2, MD4, MD5, MD6, HAVAL-128, DSA (which uses SHA-1), RIPEMD, RIPEMD-128, RIPEMD-160 and SHA-1 are no longer considered secure, because it is possible to have collisions (little computational effort is enough to find two or more different inputs that produce the same hash).
Message authentication code (MAC) algorithms such as HMAC-MD5 or HMAC-SHA1 use weak hash functions as building blocks.
Although they are not all proven to be weak, they are considered legacy algorithms and should be avoided.
Ask Yourself Whether
The hashed value is used in a security context like:
- User-password storage.
- Security token generation (used to confirm e-mail when registering on a website, reset password, etc.).
- Message integrity computation.
There is a risk if you answered yes to any of those questions.
Recommended Secure Coding Practices
Safer alternatives, such as SHA-256, SHA-512 or SHA-3, are recommended. For password hashing, it is even better to use algorithms that do not compute too "quickly", like bcrypt, scrypt, argon2 or pbkdf2, because they slow down brute-force attacks.
Sensitive Code Example
$hash = md5($data); // Sensitive
$hash = sha1($data); // Sensitive
Compliant Solution
// for a password
$hash = password_hash($password, PASSWORD_BCRYPT); // Compliant
// other context
$hash = hash("sha512", $data);
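The following is an added example, not part of the original rule text: it shows how stored MD5 password hashes can be upgraded to bcrypt at login time, and how a message-integrity tag can be computed with a SHA-256 based HMAC instead of HMAC-MD5 or HMAC-SHA1. The function names, the sample account, the cost value of 12 and the choice of HMAC-SHA-256 are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

const BCRYPT_OPTIONS = ['cost' => 12]; // assumed work factor; tune to your hardware

/**
 * Check a login attempt against the stored hash and return the hash that
 * should be stored from now on, or null if the password is wrong.
 */
function verifyAndUpgrade(string $password, string $storedHash): ?string
{
    // A legacy MD5 digest is exactly 32 lowercase hex characters;
    // password_hash() output always starts with '$'.
    if (preg_match('/^[0-9a-f]{32}$/', $storedHash) === 1) {
        // md5() is called only to validate the old record, in constant time.
        if (!hash_equals($storedHash, md5($password))) {
            return null;
        }
        return password_hash($password, PASSWORD_BCRYPT, BCRYPT_OPTIONS);
    }
    if (!password_verify($password, $storedHash)) {
        return null;
    }
    // Re-hash when the stored hash was produced with older parameters.
    if (password_needs_rehash($storedHash, PASSWORD_BCRYPT, BCRYPT_OPTIONS)) {
        return password_hash($password, PASSWORD_BCRYPT, BCRYPT_OPTIONS);
    }
    return $storedHash;
}

/** Integrity tag for a message, keyed with a secret. */
function signMessage(string $message, string $key): string
{
    return hash_hmac('sha256', $message, $key);
}

/** Constant-time check of a received tag. */
function verifyMessage(string $message, string $tag, string $key): bool
{
    return hash_equals(signMessage($message, $key), $tag);
}

// Constructed sample data: an account still holding an unsalted MD5 hash.
$user = ['name' => 'alice', 'hash' => md5('correct horse')];
$user['hash'] = verifyAndUpgrade('correct horse', $user['hash']);
var_dump(str_starts_with((string) $user['hash'], '$2y$')); // stored value is now bcrypt

$key = random_bytes(32); // constructed key; load it from secret storage in practice
$tag = signMessage('order=42', $key);
var_dump(verifyMessage('order=42', $tag, $key), verifyMessage('order=43', $tag, $key));
```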
See