Inadequate Encryption Strength
Description
The code uses a weak message digest algorithm, such as MD5 or SHA-1, that is considered insecure for modern applications. NIST recommends using AES block ciphers instead.
Examples
Insecure Code
```scala
import java.security.MessageDigest
MessageDigest.getInstance("MD5");
```
Secure Code
```scala
import java.security.MessageDigest
MessageDigest.getInstance("SHA-256");
```
Remediation
Replace the weak message digest algorithm with a stronger one, such as SHA-256 or SHA-3.
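To locate the calls that need replacing, the check this rule describes can be approximated with a small source scanner. This is an added example, not the rule's own implementation; the function names, the regular expression and the sample input are assumptions made for illustration.

```python
import re

# Digest names the rule description calls weak. JCA algorithm names are
# matched case-insensitively, and "SHA1" / "SHA-1" name the same algorithm.
WEAK_DIGESTS = {"MD5", "SHA1"}

# MessageDigest.getInstance("<literal>") with optional whitespace.
CALL = re.compile(r'MessageDigest\s*\.\s*getInstance\s*\(\s*"([^"]+)"')


def normalize(name):
    """Fold case and drop hyphens so "sha-1" and "SHA1" compare equal."""
    return name.upper().replace("-", "")


def find_weak_digests(source):
    """Return (line_number, algorithm) for each weak getInstance literal."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        code = line.split("//", 1)[0]  # ignore trailing line comments
        for match in CALL.finditer(code):
            if normalize(match.group(1)) in WEAK_DIGESTS:
                findings.append((lineno, match.group(1)))
    return findings


# Constructed sample input, not taken from a real project.
SAMPLE = '''\
import java.security.MessageDigest
val a = MessageDigest.getInstance("MD5")
val b = MessageDigest.getInstance("SHA-256")
val c = MessageDigest.getInstance( "sha-1" )
// val d = MessageDigest.getInstance("MD5")
val e = MessageDigest.getInstance(algorithmName)
'''

if __name__ == "__main__":
    for lineno, algorithm in find_weak_digests(SAMPLE):
        print(f"line {lineno}: weak digest {algorithm!r}")
```

A literal-only match like this does not see algorithm names passed through a variable or configuration value (the last sample line), so those call sites still need manual review.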
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0029 |
| Category | Crypto |
| Severity | MEDIUM |
| CWE | CWE-326 |
| Confidence | HIGH |
| Impact | MEDIUM |
| Likelihood | MEDIUM |
| Exploitability | MODERATE |
| Tags | insecure-cipher, weak-digest |
| OWASP | N/A |