Use of Custom MessageDigest

Description

Implementing a custom MessageDigest is error-prone. National Institute of Standards and Technology (NIST) recommends the use of SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, or SHA-512/256.

Examples

Insecure Code

scala

class CustomDigest extends java.security.MessageDigest { ... }

Secure Code

scala

MessageDigest md = MessageDigest.getInstance("SHA-256");

Remediation

Use a recommended MessageDigest algorithm such as SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, or SHA-512/256 instead of implementing a custom one.

Rule Details

Field	Value
ID	CODE-0023
Category	Crypto
Severity	MEDIUM
CWE	CWE-327
Confidence	HIGH
Impact	MEDIUM
Likelihood	MEDIUM
Exploitability	MODERATE
Tags	cryptography, nist
OWASP	N/A

Overview

SAST (Application Security)

SCA (Dependencies)

Secrets Detection

IaC Security

License Compliance

SAST Rules

IaC Rules

License Rules

Use of Custom MessageDigest

Description

Examples

Insecure Code

Secure Code

Remediation

Rule Details

SAST Rules

IaC Rules

License Rules

Use of Custom MessageDigest ​

Description ​

Examples ​

Insecure Code ​

Secure Code ​

Remediation ​

Rule Details ​

Use of Custom MessageDigest

Description

Examples

Insecure Code

Secure Code

Remediation

Rule Details