The MD5 algorithm and its successor, SHA-1, are no longer considered secure, because it is too easy to create hash collisions with them. That is, it takes too little computational effort to come up with a different input that produces the same MD5 or SHA-1 hash, and using the new, same-hash value gives an attacker the same access as if he had the originally-hashed value.

This rule tracks usage of the java.security.MessageDigest, and org.apache.commons.codec.digest.DigestUtils classes to instantiate MD5 or SHA-1 algorithms, and of Guava's com.google.common.hash.Hashing sha1 and md5 methods.

Noncompliant Code Example

MessageDigest md = MessageDigest.getInstance("SHA1");  // Noncompliant

Compliant Solution

MessageDigest md = MessageDigest.getInstance("SHA-256");

Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5PADDING");

See

• MITRE, CWE-328 - Reversible One-Way Hash
• MITRE, CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
• OWASP Top Ten 2013 Category A6 - Sensitive Data Exposure
• CWE/SANS TOP 25 Most Dangerous Software Errors