Reputation: 23
Dim hashMD5 As New MD5CryptoServiceProvider()
I have this line of code and it is detected as a vulnerability: Cryptography.InsecureAlgorithm.
Does anyone have an idea how to fix this?
Upvotes: 2
Views: 414
Reputation: 138137
MD5 has been known to be broken for quite a long time, and using it is insecure. From Wikipedia - MD5:
The security of the MD5 has been severely compromised, with its weaknesses having been exploited in the field, most infamously by the Flame malware in 2012. The CMU Software Engineering Institute considers MD5 essentially "cryptographically broken and unsuitable for further use"
MSDN - MD5CryptoServiceProvider also warns against it:
Newer hash functions such as the Secure Hash Algorithms SHA-256 and SHA-512 are available. Consider using the SHA256 class or the SHA512 class instead of the MD5CryptoServiceProvider class. Use MD5CryptoServiceProvider only for compatibility with legacy applications and data.
So, if you are using it for security (for example for storing a hashed password), you should switch to a newer hash function.
There are still some legitimate usages, especially for backward compatibility with older systems. Wikipedia also states:
Although MD5 was initially designed to be used as a cryptographic hash function, it has been found to suffer from extensive vulnerabilities. It can still be used as a checksum to verify data integrity, but only against unintentional corruption.
If this is your case you can safely ignore the error (and instruct your compiler or analyzer to hide it).
Upvotes: 3
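An added example, not code from the original answer: the switch to SHA-256 that the answer recommends, with MD5 kept only on a legacy checksum path so old stored digests can still be checked and then re-stored. The module name, the function names and the `sha256:` storage tag are assumptions of this example.

```vb
Imports System
Imports System.Security.Cryptography
Imports System.Text

Module DigestMigration
    ' Hex-encode a digest in lowercase.
    Private Function ToHex(bytes As Byte()) As String
        Return BitConverter.ToString(bytes).Replace("-", "").ToLowerInvariant()
    End Function

    ' New digests use SHA-256 and carry a "sha256:" tag (a convention assumed here).
    Function NewDigest(data As Byte()) As String
        Using hasher As SHA256 = SHA256.Create()
            Return "sha256:" & ToHex(hasher.ComputeHash(data))
        End Using
    End Function

    ' Legacy digests are untagged MD5 hex. This is the only place MD5 remains,
    ' and it is suitable only as a checksum against unintentional corruption.
    ' An analyzer will still flag this call; it is the one to review and suppress.
    Function LegacyMd5(data As Byte()) As String
        Using hasher As MD5 = MD5.Create()
            Return ToHex(hasher.ComputeHash(data))
        End Using
    End Function

    ' True when data matches the stored digest. needsUpgrade is set when the
    ' stored value is still an MD5 digest and should be re-stored with NewDigest.
    Function Verify(data As Byte(), stored As String, ByRef needsUpgrade As Boolean) As Boolean
        needsUpgrade = Not stored.StartsWith("sha256:", StringComparison.Ordinal)
        Dim expected As String = If(needsUpgrade, LegacyMd5(data), NewDigest(data))
        Return String.Equals(expected, stored, StringComparison.OrdinalIgnoreCase)
    End Function

    Sub Main()
        ' Constructed sample input.
        Dim data As Byte() = Encoding.UTF8.GetBytes("constructed sample record")
        Dim storedLegacy As String = LegacyMd5(data)
        Dim upgrade As Boolean
        If Verify(data, storedLegacy, upgrade) AndAlso upgrade Then
            Console.WriteLine("Legacy MD5 matched; re-store as " & NewDigest(data))
        End If
        Console.WriteLine("SHA-256 verifies: " & Verify(data, NewDigest(data), upgrade))
    End Sub
End Module
```

This covers data digests only. For stored passwords, a single unsalted SHA-256 pass is also a poor fit; .NET provides `Rfc2898DeriveBytes` (PBKDF2) for that purpose.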