Details

    • Type: Language-Specification
    • Status: Active
    • Resolution: Unresolved
    • Labels:
      None
    • Impact:
      Unknown
    • Likelihood:
      Unknown

      Description

      The use of a non-standard algorithm is dangerous because a determined attacker may be able to break the algorithm and compromise whatever data has been protected. Standard algorithms like Argon2PasswordHasher, BCryptPasswordHasher, ... should be used instead.

      This rule tracks creation of BasePasswordHasher subclasses for Django applications.

      Recommended Secure Coding Practices

      • Use a standard algorithm instead of creating a custom one.

      Sensitive Code Example

      from django.contrib.auth.hashers import BasePasswordHasher

      class CustomPasswordHasher(BasePasswordHasher):  # Sensitive
          algorithm = "custom"  # home-grown scheme rather than a vetted, standard hasher
          # ...
      
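      To show what this rule looks for, the following AST-based check is added here as an illustration (it is not SonarSource's own analyzer): it flags class definitions deriving from BasePasswordHasher, including dotted and aliased references, in a constructed sample module. The sample classes and the alias handling are assumptions for the demonstration.

```python
from __future__ import annotations
import ast
from dataclasses import dataclass

@dataclass
class Finding:
    lineno: int
    class_name: str
    message: str

def _base_name(node: ast.expr) -> str:
    """Final identifier of a base-class expression: Name (`Base`) or Attribute (`hashers.Base`)."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        return node.attr
    return ""

def find_custom_hashers(source: str) -> list[Finding]:
    """Report classes that subclass Django's BasePasswordHasher, as this rule does."""
    tree = ast.parse(source)
    aliases: dict[str, str] = {}  # local name -> imported name, to see through `import ... as`
    for node in ast.walk(tree):
        if isinstance(node, ast.ImportFrom):
            for alias in node.names:
                aliases[alias.asname or alias.name] = alias.name
    findings = []
    for node in ast.walk(tree):
        if isinstance(node, ast.ClassDef):
            for base in node.bases:
                name = _base_name(base)
                if aliases.get(name, name) == "BasePasswordHasher":
                    findings.append(Finding(node.lineno, node.name,
                        "custom password hasher; use a standard Django hasher instead"))
    return sorted(findings, key=lambda f: f.lineno)

# Constructed sample module: two sensitive definitions and one that reuses a standard algorithm.
SAMPLE = '''
from django.contrib.auth import hashers
from django.contrib.auth.hashers import BasePasswordHasher as Base, Argon2PasswordHasher

class CustomPasswordHasher(Base):                 # Sensitive: aliased base class
    algorithm = "custom"

class LegacyHasher(hashers.BasePasswordHasher):   # Sensitive: dotted base class
    algorithm = "legacy"

class TunedArgon2(Argon2PasswordHasher):          # standard algorithm, not tracked by this rule
    time_cost = 3
'''

if __name__ == "__main__":
    for f in find_custom_hashers(SAMPLE):
        print(f"line {f.lineno}: {f.class_name}: {f.message}")
```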

      See


            People

            Assignee:
            Unassigned
            Reporter:
            Hendrik Buchwald (hendrik.buchwald)
