Insecure hashing
Severity: Medium

A hashing algorithm is weak if an attacker can feasibly recover the original input from its hash (a preimage attack) or find a different input that produces the same hash (a collision). Using such an algorithm, or a deprecated one, for password storage, key derivation, or integrity checks can lead to security vulnerabilities. This detector flags hashlib calls that select a digest by name which does not meet that bar, such as the 'sha224' in the noncompliant example below, and accepts digests such as 'sha256'.

Detector ID
python/insecure-hashing@v1.0
Category
Common Weakness Enumeration (CWE)

Noncompliant example

def hashing_noncompliant(password: bytes, salt: bytes) -> str:
    import hashlib
    # Noncompliant: insecure hashing algorithm used ('sha224' is not an
    # approved digest for PBKDF2 here).
    derivedkey = hashlib.pbkdf2_hmac('sha224', password, salt, 100000)
    return derivedkey.hex()

Compliant example

def hashing_compliant(password: bytes, salt: bytes) -> str:
    import hashlib
    # Compliant: secure hashing algorithm used ('sha256' as the PBKDF2 PRF).
    derivedkey = hashlib.pbkdf2_hmac('sha256', password, salt, 100000)
    return derivedkey.hex()
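The compliant example shows the digest choice but not the rest of what a password-hashing routine needs: a per-password random salt, an iteration count high enough to slow brute force, a self-describing stored record, and a constant-time comparison on verification. The following is an added example, not code from the detector page or from CodeGuru; the digest allowlist, the 600,000-iteration default (OWASP's current guidance for PBKDF2-HMAC-SHA256), and the `pbkdf2$<digest>$<iterations>$<salt>$<key>` record format are this example's own assumptions. It rejects the weak or unapproved digest up front, which is exactly the mistake the noncompliant example makes.

```python
"""Password hashing with hashlib.pbkdf2_hmac restricted to strong digests.

Added example (not part of the detector page). The allowlist, iteration
count and record format are this example's own choices.
"""
import hashlib
import hmac
import os
from typing import Optional

# Assumption: only SHA-2 (256-bit or wider) and SHA-3 digests are accepted as
# the PBKDF2 PRF. 'md5', 'sha1' and 'sha224' are refused before any hashing.
ALLOWED_DIGESTS = frozenset({"sha256", "sha384", "sha512", "sha3_256", "sha3_512"})
DEFAULT_ITERATIONS = 600_000  # assumption: OWASP guidance for PBKDF2-HMAC-SHA256
SALT_BYTES = 16


def is_allowed_digest(name: str) -> bool:
    """True if `name` is a digest this example will hand to pbkdf2_hmac."""
    return name in ALLOWED_DIGESTS


def derive_key(password: bytes, salt: bytes, digest: str = "sha256",
               iterations: int = DEFAULT_ITERATIONS) -> bytes:
    """Run PBKDF2-HMAC with a vetted digest; raise instead of silently using a weak one."""
    if not is_allowed_digest(digest):
        raise ValueError(f"refusing weak or unapproved digest for PBKDF2: {digest!r}")
    if iterations < 1:
        raise ValueError("iteration count must be positive")
    return hashlib.pbkdf2_hmac(digest, password, salt, iterations)


def hash_password(password: str, *, salt: Optional[bytes] = None,
                  digest: str = "sha256", iterations: int = DEFAULT_ITERATIONS) -> str:
    """Return a self-describing record: pbkdf2$<digest>$<iterations>$<salt hex>$<key hex>.

    A fresh random salt is drawn unless one is supplied (supplying one is only
    useful for deterministic tests).
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    dk = derive_key(password.encode("utf-8"), salt, digest, iterations)
    return f"pbkdf2${digest}${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Re-derive with the parameters stored in the record and compare in constant time.

    Malformed records, and records that name a digest outside the allowlist,
    verify as False rather than raising, so callers cannot bypass the policy by
    storing a legacy record.
    """
    try:
        scheme, digest, iterations, salt_hex, key_hex = record.split("$")
        if scheme != "pbkdf2":
            return False
        expected = bytes.fromhex(key_hex)
        candidate = derive_key(password.encode("utf-8"), bytes.fromhex(salt_hex),
                               digest, int(iterations))
    except ValueError:
        return False
    return hmac.compare_digest(candidate, expected)


# Constructed sample: a record produced the way the noncompliant example would
# (PBKDF2 with 'sha224'). It is well-formed, but verify_password refuses it.
_LEGACY_SALT = bytes(range(16))
LEGACY_SHA224_RECORD = "pbkdf2$sha224$100000$" + _LEGACY_SALT.hex() + "$" + \
    hashlib.pbkdf2_hmac("sha224", b"correct horse battery staple", _LEGACY_SALT, 100000).hex()


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)
    print("verify ok:", verify_password("correct horse battery staple", record))
    print("verify wrong password:", verify_password("wrong", record))
    print("verify legacy sha224 record:", verify_password("correct horse battery staple", LEGACY_SHA224_RECORD))
```

Storing the digest name and iteration count in the record lets you raise the cost later and rehash on the next successful login. A migration from records built with a disallowed digest would verify them under a separate, explicitly legacy path and rehash immediately; this example deliberately does not accept them at all.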