Using a weak hashing algorithm to protect sensitive data can compromise the security guarantees the hash is meant to provide.

Why is this an issue?

Cryptographic hash algorithms such as MD2, MD4, MD5, MD6, HAVAL-128, DSA (which uses SHA-1), RIPEMD, RIPEMD-128, RIPEMD-160, and SHA-1 are no longer considered secure, because it is computationally feasible to find two different inputs that produce the same hash output — a collision. Message authentication code (MAC) algorithms such as HMAC-MD5 or HMAC-SHA1 use these weak hash functions as building blocks and are likewise considered legacy algorithms. When a weak hashing algorithm is used to protect sensitive data — such as storing passwords, generating security tokens, or verifying data integrity — its weakness can be exploited to defeat that protection.

What is the potential impact?

Breach of confidentiality

When weak hashing is used for password storage or security tokens, an attacker who obtains the hashed values can recover the original data more easily through brute force or precomputed (rainbow table) attacks.

Data integrity compromise

When weak hashing is used to verify the integrity of data or downloaded files, an attacker can craft a different input that produces the same hash, allowing them to substitute malicious content without detection.

How to fix it

Code examples

The following noncompliant example verifies a downloaded Go toolchain archive with SHA-1, a weak hashing algorithm that is vulnerable to collision and preimage attacks, and extracts the archive on the strength of that check.

Noncompliant code example

steps:
  - bash: |
      # Noncompliant
      echo "a40216e7c028e7d77f1aec22d2bbd5f9a357016f  go1.20.linux-amd64.tar.gz" | sha1sum -c
      tar -C /usr/local -xzf go1.20.linux-amd64.tar.gz
    displayName: 'Download and verify'

Compliant solution

steps:
  - bash: |
      # Abort the step if the checksum does not match, so the archive is never extracted unverified
      set -e
      echo "5a9ebcc65c1cce56e0d2dc616aff4c4cedcfbda8cc6f0288cc08cda3b18dcbf1  go1.20.linux-amd64.tar.gz" | sha256sum -c
      tar -C /usr/local -xzf go1.20.linux-amd64.tar.gz
    displayName: 'Download and verify'
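The compliant pipeline step above relies on the author remembering to use sha256sum every time. The script below is an added example, not code from the original rule description, that factors the check into a reusable verification step: it refuses any digest that is not a well-formed SHA-256 value (a 40-character digest is SHA-1, a 32-character one is MD5), compares it against the file, and only then extracts the archive. It assumes a POSIX shell with either GNU coreutils sha256sum or Perl's shasum on the PATH; the tarball it verifies is a small constructed demo artifact, not a real Go release.

```shell
#!/bin/sh
# Added example (not from the original rule page). Assumes sha256sum or
# `shasum -a 256` is available; the demo artifact at the bottom is constructed.
set -eu

# digest_sha256 FILE: print the hex SHA-256 digest of FILE.
digest_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# verify_sha256 FILE EXPECTED_HEX
# Returns 0 only when EXPECTED_HEX is a well-formed SHA-256 digest and matches
# FILE. Digests of any other length (40 hex chars = SHA-1, 32 = MD5) are refused
# before any comparison, so a pipeline cannot quietly fall back to a weak hash.
verify_sha256() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    case "$expected" in
        *[!0-9a-f]*) echo "refusing digest with non-hex characters" >&2; return 1 ;;
    esac
    if [ "${#expected}" -ne 64 ]; then
        echo "refusing ${#expected}-character digest: only SHA-256 is accepted" >&2
        return 1
    fi
    actual=$(digest_sha256 "$file")
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $file" >&2
        return 1
    fi
    return 0
}

# safe_extract ARCHIVE EXPECTED_HEX DEST_DIR
# Extracts only after verification succeeds; nothing is unpacked on a mismatch.
safe_extract() {
    verify_sha256 "$1" "$2" || return 1
    tar -C "$3" -xzf "$1"
}

# Constructed demo artifact: a tiny tarball built in a temp dir (not a real Go release).
demo_dir=$(mktemp -d)
printf 'demo payload\n' > "$demo_dir/payload.txt"
tar -C "$demo_dir" -czf "$demo_dir/artifact.tgz" payload.txt
good=$(digest_sha256 "$demo_dir/artifact.tgz")
mkdir "$demo_dir/out"
safe_extract "$demo_dir/artifact.tgz" "$good" "$demo_dir/out" && echo "verified and extracted"
# A SHA-1-length digest (constructed value) is refused before any comparison:
if ! safe_extract "$demo_dir/artifact.tgz" da39a3ee5e6b4b0d3255bfef95601890afd80709 "$demo_dir/out"; then
    echo "SHA-1 digest refused, archive not extracted"
fi
rm -rf "$demo_dir"
```

In a pipeline the expected digest would come from the vendor's published checksum file or a pinned value in the repository, and the `bash:` step would call `safe_extract` instead of chaining the check and the `tar` by hand; because verification and extraction are a single function, a mismatch or a weak digest cannot leave the toolchain half-installed.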

Resources

Standards