The use of a non-standard algorithm is dangerous because a determined attacker may be able to break the algorithm and compromise whatever data it was meant to protect. Standard algorithms such as Django's Argon2PasswordHasher, BCryptPasswordHasher, ... should be used instead.

This rule flags the creation of BasePasswordHasher subclasses in Django applications.

Recommended Secure Coding Practices

Sensitive Code Example

from django.contrib.auth.hashers import BasePasswordHasher

class CustomPasswordHasher(BasePasswordHasher):  # Sensitive
    # ...
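The following is an added example, not part of the rule description or of Django's own code: a small static check in the spirit of this rule. It parses a Python module with the standard library `ast` module and reports every class that subclasses BasePasswordHasher, and it also reports entries of a PASSWORD_HASHERS setting that are not one of Django's standard hashers. The allow-list of standard hasher names and the sample module and settings are constructed for the example; the list deliberately omits Django's weak legacy hashers.

```python
import ast

# Django's vetted password hashers (django.contrib.auth.hashers).
# Assumption: this allow-list is maintained by the reviewer; it is not a
# Django API and intentionally leaves out the weak legacy hashers (MD5, SHA1, ...).
STANDARD_HASHERS = {
    "Argon2PasswordHasher",
    "BCryptSHA256PasswordHasher",
    "BCryptPasswordHasher",
    "PBKDF2PasswordHasher",
    "PBKDF2SHA1PasswordHasher",
    "ScryptPasswordHasher",
}


def _base_names(cls: ast.ClassDef):
    """Yield the textual names of a class's bases; both 'BasePasswordHasher'
    and 'hashers.BasePasswordHasher' yield 'BasePasswordHasher'."""
    for base in cls.bases:
        if isinstance(base, ast.Name):
            yield base.id
        elif isinstance(base, ast.Attribute):
            yield base.attr


def find_custom_hashers(source: str):
    """Return (line number, class name) for every class in `source` that
    subclasses BasePasswordHasher, i.e. every hand-rolled hashing scheme.
    The check is purely syntactic, like the rule it mirrors."""
    tree = ast.parse(source)
    hits = []
    for node in ast.walk(tree):
        if isinstance(node, ast.ClassDef) and "BasePasswordHasher" in set(_base_names(node)):
            hits.append((node.lineno, node.name))
    return hits


def non_standard_settings_hashers(password_hashers):
    """Given the value of settings.PASSWORD_HASHERS (dotted paths), return the
    entries whose class is not one of Django's standard hashers. The first
    entry is the one Django uses for newly set passwords, so a custom class
    listed there affects every new password."""
    return [p for p in password_hashers if p.rsplit(".", 1)[-1] not in STANDARD_HASHERS]


# Constructed sample module: two custom hashers (flagged) and one unrelated class.
SAMPLE_SOURCE = '''
from django.contrib.auth import hashers
from django.contrib.auth.hashers import BasePasswordHasher

class CustomPasswordHasher(BasePasswordHasher):  # Sensitive
    algorithm = "custom"

class LegacyHasher(hashers.BasePasswordHasher):   # Sensitive
    algorithm = "legacy"

class Unrelated:
    pass
'''

# Constructed sample settings: the custom hasher is listed first, so it would
# be used for every newly set password.
SAMPLE_PASSWORD_HASHERS = [
    "myproject.auth.CustomPasswordHasher",
    "django.contrib.auth.hashers.Argon2PasswordHasher",
    "django.contrib.auth.hashers.PBKDF2PasswordHasher",
]

if __name__ == "__main__":
    for lineno, name in find_custom_hashers(SAMPLE_SOURCE):
        print(f"line {lineno}: {name} subclasses BasePasswordHasher (non-standard algorithm)")
    for path in non_standard_settings_hashers(SAMPLE_PASSWORD_HASHERS):
        print(f"PASSWORD_HASHERS contains a non-standard hasher: {path}")
```

Run the module directly to see both findings printed. The usual remediation is to remove the custom class and leave PASSWORD_HASHERS pointing at Django's standard hashers, which is what the second check verifies.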

See