Use of Weak Cryptographic Algorithms
Overview
Weak cryptographic algorithms such as MD5, SHA-1, DES, or RC4 no longer provide adequate protection.
Impact
Collisions, small key sizes, and known attacks can undermine integrity and confidentiality.
Countermeasures
Use current, approved algorithms and libraries, such as SHA-256 or stronger hashes, AES-GCM, and modern TLS configurations.
Examples
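// Weak: the salt parameter is ignored and the password is hashed with unsalted MD5.
// (MD5HashGenerator and SHA256HashGenerator are helper classes, not part of the JDK.)
public String getCryptedPassword(String salt, String password) {
    return new MD5HashGenerator().getValue(password);
}

// Improved: a per-user salt is generated (uses java.util.Calendar) ...
public String getSalt(String userId, String password) {
    return SHA256HashGenerator.getInstance().getValue("--" + Calendar.getInstance().getTime().toString() + "--" + userId + "--");
}

// ... and mixed into a SHA-256 hash of the password.
public String getCryptedPassword(String salt, String password) {
    return SHA256HashGenerator.getInstance().getValue("nest--" + salt + "--" + password + "--");
}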
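The second snippet above swaps MD5 for salted SHA-256, but a single hash pass is still cheap to brute-force and a salt built from a timestamp and user id is predictable. The following is an added example, not code from the original page: it goes one step further and uses the JDK's PBKDF2-HMAC-SHA256 with a random salt. The class name, iteration count and sizes are assumptions chosen for illustration.

```java
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class PasswordHasher {
    // Assumed parameters for this example; tune the iteration count to your hardware.
    private static final int ITERATIONS = 600_000;
    private static final int SALT_BYTES = 16;
    private static final int KEY_BITS = 256;
    private static final SecureRandom RNG = new SecureRandom();

    // Random per-user salt from a CSPRNG, instead of a timestamp and user id.
    public static String getSalt() {
        byte[] salt = new byte[SALT_BYTES];
        RNG.nextBytes(salt);
        return Base64.getEncoder().encodeToString(salt);
    }

    // Slow, salted key derivation in place of a single hash pass.
    public static String getCryptedPassword(String salt, char[] password)
            throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(password, Base64.getDecoder().decode(salt), ITERATIONS, KEY_BITS);
        try {
            byte[] hash = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
            return Base64.getEncoder().encodeToString(hash);
        } finally {
            spec.clearPassword(); // wipe the password copy held by the key spec
        }
    }

    // Recompute with the stored salt and compare in constant time.
    public static boolean verify(String salt, String stored, char[] candidate)
            throws GeneralSecurityException {
        byte[] expected = Base64.getDecoder().decode(stored);
        byte[] actual = Base64.getDecoder().decode(getCryptedPassword(salt, candidate));
        return MessageDigest.isEqual(expected, actual);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Constructed sample values, for demonstration only.
        String salt = getSalt();
        String stored = getCryptedPassword(salt, "constructed-sample-password".toCharArray());
        System.out.println(verify(salt, stored, "constructed-sample-password".toCharArray()));
        System.out.println(verify(salt, stored, "wrong-guess".toCharArray()));
    }
}
```

Store the salt and the derived value together per user, and record the iteration count alongside them so it can be raised later without invalidating existing entries.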