Cryptographic hash algorithms such as MD2, MD4, MD5, MD6, HAVAL-128, DSA (which uses SHA-1), RIPEMD, RIPEMD-128, RIPEMD-160 and SHA-1 are no longer considered secure, because it is possible to have collisions (little computational effort is enough to find two or more different inputs that produce the same hash).

Message authentication code (MAC) algorithms such as HMAC-MD5 or HMAC-SHA1 use weak hash functions as building blocks. Although they are not all proven to be weak, they are considered legacy algorithms and should be avoided.

Ask Yourself Whether

The hashed value is used in a security context like:

There is a risk if you answered yes to any of those questions.

Recommended Secure Coding Practices

Safer alternatives, such as SHA-256, SHA-512 and SHA-3, are recommended. For password hashing it is even better to use algorithms that are deliberately slow to compute, like bcrypt, scrypt, argon2 or pbkdf2, because their cost slows down brute-force attacks.

Sensitive Code Example

steps:
  - bash: |
      # Sensitive
      echo "a40216e7c028e7d77f1aec22d2bbd5f9a357016f  go1.20.linux-amd64.tar.gz" | sha1sum -c
      tar -C /usr/local -xzf go1.20.linux-amd64.tar.gz
    displayName: 'Download and verify'

Compliant Solution

steps:
  - bash: |
      echo "5a9ebcc65c1cce56e0d2dc616aff4c4cedcfbda8cc6f0288cc08cda3b18dcbf1  go1.20.linux-amd64.tar.gz" | sha256sum -c
      tar -C /usr/local -xzf go1.20.linux-amd64.tar.gz
    displayName: 'Download and verify'
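The compliant step above relies on the pipeline failing when `sha256sum -c` reports a mismatch. The following shell script is an added example (it is not part of the rule page or of any project's pipeline) that makes that behaviour explicit: it pins a SHA-256 digest, compares it to the downloaded file, and only extracts the archive when the digests match. The helper names `verify_artifact` and `unpack_if_verified` and the sample archive are constructed for this illustration; the digest given for the text `hello` followed by a newline is the real SHA-256 value.

```shell
#!/bin/sh
# Added example, not code from the rule page: verify an artifact against a
# pinned SHA-256 digest and refuse to unpack it on mismatch.
# `set -e` makes the step abort on the first failing command, so a failed
# check never falls through to the tar extraction that follows it.
set -eu

# verify_artifact <file> <expected-sha256-hex>
# Exit status 0 when the digest matches, 1 otherwise. The expected value is
# pinned in the pipeline definition (copied from the vendor's published
# checksum file), so a tampered or truncated download is rejected.
verify_artifact() {
  file="$1"
  expected="$2"
  actual=$(sha256sum "$file" | awk '{ print $1 }')
  if [ "$actual" != "$expected" ]; then
    echo "checksum mismatch for $file" >&2
    echo "  expected: $expected" >&2
    echo "  actual:   $actual" >&2
    return 1
  fi
  return 0
}

# unpack_if_verified <archive.tar.gz> <expected-sha256-hex> <destdir>
# Runs the check first and returns its failure status; extraction happens
# only after a successful verification.
unpack_if_verified() {
  verify_artifact "$1" "$2" || return 1
  mkdir -p "$3"
  tar -C "$3" -xzf "$1"
}

# Constructed sample data for a stand-alone run (hypothetical, not a real
# release artifact): a plain file and a tar.gz built from it.
WORKDIR=$(mktemp -d)
printf 'hello\n' > "$WORKDIR/hello.txt"
tar -C "$WORKDIR" -czf "$WORKDIR/sample.tar.gz" hello.txt

# Real SHA-256 of the bytes "hello\n".
HELLO_DIGEST=5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03
# A deliberately wrong digest, standing in for a tampered download.
BAD_DIGEST=0000000000000000000000000000000000000000000000000000000000000000
# The archive's digest is computed once here to play the role of the value
# you would copy from the vendor's checksum file into the pipeline YAML.
ARCHIVE_DIGEST=$(sha256sum "$WORKDIR/sample.tar.gz" | awk '{ print $1 }')

main() {
  verify_artifact "$WORKDIR/hello.txt" "$HELLO_DIGEST" && echo "hello.txt: digest ok"
  if unpack_if_verified "$WORKDIR/sample.tar.gz" "$BAD_DIGEST" "$WORKDIR/out"; then
    echo "unexpected: extracted an unverified archive" >&2
    return 1
  fi
  echo "tampered archive rejected, nothing extracted"
  unpack_if_verified "$WORKDIR/sample.tar.gz" "$ARCHIVE_DIGEST" "$WORKDIR/out"
  echo "verified archive extracted to $WORKDIR/out"
}
```

In an Azure Pipelines `bash:` step the same two functions can replace the inline `sha256sum -c` line; the point of the explicit comparison is that the expected digest is a constant in the pipeline definition rather than something derived from the download itself, and that a mismatch stops the step before `tar` runs.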

See