🚀 Join our AI Wargame at Black Hat Asia and our Workshop + Wargame at NDC Sydney .

Weak Hashing Algorithm

MD5 and SHA1 are weak hashing algorithms and open to collision attacks. They are not suitable for cryptographic signature.

Remediation

  • At the time of writing, SHA3 is recommended. Best to use a slow hashing algorithm like bcrypt.
  • Ensure that the design allows one hashing algorithm to be replaced with another.

Metadata

  • Severity: low
  • Slug: weak-hashing-algorithm

CWEs

  • 916: Use of Password Hash With Insufficient Computational Effort
  • 327: Use of a Broken or Risky Cryptographic Algorithm
  • 328: Use of Weak Hash

OWASP

  • A02:2021: Cryptographic Failures

Available Labs

Open Javascript labs in SecDim Play for this vulnerability.

Try it yourself

Find, Hack and Fix Your First Vulnerability

Reading about security bugs is one thing — fixing one is how the skill sticks. Play a free challenge from the wargame, no setup required.