The use of a non-standard algorithm is dangerous because a determined attacker may be able to break the algorithm and compromise whatever data has
been protected. Standard algorithms like BCryptPasswordHasher, … should be used instead.
This rule tracks creation of BasePasswordHasher subclasses for Django applications.
Recommended Secure Coding Practices
- Use a standard algorithm instead of creating a custom one.
Sensitive Code Example
from django.contrib.auth.hashers import BasePasswordHasher
class CustomPasswordHasher(BasePasswordHasher): pass  # Sensitive
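
To audit a code base for the pattern this rule tracks, the sketch below walks a module's syntax tree and reports every class that derives from BasePasswordHasher. It is an added example, not SonarSource's implementation: the function names and the sample source are constructed for illustration, and it goes one step beyond the one-line case above by also following subclasses of a flagged class defined in the same file.

```python
import ast

# Constructed sample source: direct, module-qualified and indirect subclasses,
# plus one unrelated class that must not be reported.
SAMPLE = '''
from django.contrib.auth import hashers
from django.contrib.auth.hashers import BasePasswordHasher

class CustomPasswordHasher(BasePasswordHasher):
    algorithm = "custom"

class Qualified(hashers.BasePasswordHasher):
    algorithm = "custom2"

class Derived(CustomPasswordHasher):
    pass

class Unrelated(object):
    pass
'''

def _base_name(node):
    """Return the rightmost identifier of a base-class expression, or None."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        return node.attr
    return None

def find_custom_hashers(source, root="BasePasswordHasher"):
    """Return sorted (line, class name) pairs for classes deriving from `root`,
    directly or through another class defined in the same source."""
    classes = [n for n in ast.walk(ast.parse(source)) if isinstance(n, ast.ClassDef)]
    flagged = {root}
    changed = True
    while changed:  # iterate to a fixed point so indirect subclasses are caught
        changed = False
        for cls in classes:
            if cls.name not in flagged and any(_base_name(b) in flagged for b in cls.bases):
                flagged.add(cls.name)
                changed = True
    return sorted((c.lineno, c.name) for c in classes if c.name in flagged)

if __name__ == "__main__":
    for line, name in find_custom_hashers(SAMPLE):
        print(f"line {line}: {name} derives from BasePasswordHasher, review it")
```

Matching is by class name only, so a base imported under an alias is not detected; treat the output as a list of candidates for manual review.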