Cryptographic hash algorithms such as MD2, MD4, MD5, MD6, HAVAL-128,
HMAC-MD5, DSA (which uses SHA-1), RIPEMD, RIPEMD-128, RIPEMD-160,
HMACRIPEMD160 and SHA-1 are no longer considered secure, because it is too easy to create hash collisions with them (little
computational effort is enough to find two or more different inputs that produce the same hash).
The hashed value is used in a security context like:
There is a risk if you answered yes to any of those questions.
Safer alternatives, such as SHA-256, SHA-512, SHA-3 or bcrypt, are recommended. For password
hashing, it's even better to use algorithms that do not compute too "quickly", like bcrypt instead of SHA-256, because this slows down
brute-force and dictionary-based attacks.
import hashlib
m = hashlib.md5()  # Sensitive

import hashlib
m = hashlib.sha1()  # Sensitive

import md5  # Sensitive and deprecated since Python 2.5; use the hashlib module instead.
m = md5.new()
import sha  # Sensitive and deprecated since Python 2.5; use the hashlib module instead.
m = sha.new()

import hashlib
m = hashlib.sha256()  # Compliant
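
A minimal way to find the sensitive patterns shown above in a code base. This is an added example, not the rule's actual implementation. The function name find_weak_hashes, the two name sets and the SAMPLE input are assumptions made for illustration.

```python
import ast

# Weak algorithm names taken from the list above, as hashlib spells them.
WEAK_HASHLIB = {"md4", "md5", "sha1", "ripemd160"}
# Python 2 era modules shown above as sensitive and deprecated.
WEAK_MODULES = {"md5", "sha"}


def find_weak_hashes(source):
    """Return sorted (line, description) pairs for weak hash usage in source."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            for alias in node.names:
                if alias.name in WEAK_MODULES:
                    findings.append((node.lineno, "import " + alias.name))
        elif isinstance(node, ast.ImportFrom):
            if node.module in WEAK_MODULES:
                findings.append((node.lineno, "from " + node.module))
            elif node.module == "hashlib":
                for alias in node.names:
                    if alias.name in WEAK_HASHLIB:
                        findings.append((node.lineno, "hashlib." + alias.name))
        elif isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute):
            func = node.func
            if not (isinstance(func.value, ast.Name) and func.value.id == "hashlib"):
                continue
            if func.attr in WEAK_HASHLIB:
                findings.append((node.lineno, "hashlib." + func.attr))
            elif func.attr == "new" and node.args:
                # hashlib.new("md5") selects the algorithm by string name.
                arg = node.args[0]
                if isinstance(arg, ast.Constant) and str(arg.value).lower() in WEAK_HASHLIB:
                    findings.append((node.lineno, 'hashlib.new("%s")' % arg.value))
    return sorted(findings)


# Constructed sample input built from the snippets on this page.
SAMPLE = '''import hashlib
import md5
a = hashlib.md5()
b = hashlib.sha1()
c = hashlib.new("md5")
d = hashlib.sha256()
'''

if __name__ == "__main__":
    for line, what in find_weak_hashes(SAMPLE):
        print("line %d: %s is sensitive" % (line, what))
```

The check only matches the literal name hashlib, so it misses aliased imports such as "import hashlib as h" and algorithm names held in variables.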