Weak Hash algorithm used.

ID

objectivec.cryptography.ios_weak_hash

Severity

low

Resource

Cryptography

Language

Objective-C

Description

A weak hash algorithm is used. The hash algorithm is known to have hash collisions.

Rationale

The rule flags use of a hash algorithm that is known to have hash collisions, such as the CC_MD5 call in the test case below.

The following code illustrates a vulnerable pattern detected by this rule:

// Test cases for ios-weak-hash rule

#import <Foundation/Foundation.h>
// VULNERABLE: Weak Hash algorithm used.
#import <CommonCrypto/CommonDigest.h>

// ============================================
// POSITIVE CASES (should trigger findings)
// ============================================

void badMD5Hash() {
    const char *str = "password";
    unsigned char result[CC_MD5_DIGEST_LENGTH];
    // VULNERABLE: Weak Hash algorithm used.
    CC_MD5(str, (CC_LONG)strlen(str), result);
}

Remediation

Follow secure coding practices and review the references below for detailed remediation guidance.
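
The following is an added example, not part of this rule's own test cases, showing hardened replacements for the CC_MD5 call above: CC_SHA256 for digests and, going beyond the collision concern because the test case hashes a password string, salted PBKDF2 through CCKeyDerivationPBKDF. The function names, the 16-byte salt, the 32-byte output and the iteration count are assumptions chosen for illustration.

```objectivec
// Added example, not from the rule's test suite. Function names are hypothetical.
#import <Foundation/Foundation.h>
#import <CommonCrypto/CommonCrypto.h>
#import <Security/Security.h>

// Digest or fingerprint use: CC_SHA256 in place of CC_MD5.
static NSString *sha256Hex(NSData *data) {
    unsigned char digest[CC_SHA256_DIGEST_LENGTH];
    CC_SHA256(data.bytes, (CC_LONG)data.length, digest);
    NSMutableString *hex = [NSMutableString stringWithCapacity:CC_SHA256_DIGEST_LENGTH * 2];
    for (size_t i = 0; i < CC_SHA256_DIGEST_LENGTH; i++) {
        [hex appendFormat:@"%02x", digest[i]];
    }
    return hex;
}

// Fresh random salt from the system CSPRNG; returns nil on failure.
static NSData *randomSalt(size_t length) {
    NSMutableData *salt = [NSMutableData dataWithLength:length];
    int rc = SecRandomCopyBytes(kSecRandomDefault, length, salt.mutableBytes);
    return rc == errSecSuccess ? salt : nil;
}

// Password use: a fast digest (even SHA-256) is the wrong tool, so derive a
// salted PBKDF2-HMAC-SHA256 value instead. Returns nil on failure.
static NSData *derivePasswordHash(NSString *password, NSData *salt, uint32_t rounds) {
    NSData *pw = [password dataUsingEncoding:NSUTF8StringEncoding];
    NSMutableData *out = [NSMutableData dataWithLength:32]; // assumed output size
    int rc = CCKeyDerivationPBKDF(kCCPBKDF2, pw.bytes, pw.length,
                                  salt.bytes, salt.length,
                                  kCCPRFHmacAlgSHA256, rounds,
                                  out.mutableBytes, out.length);
    return rc == kCCSuccess ? out : nil;
}

int main(void) {
    @autoreleasepool {
        // Constructed sample input.
        NSData *msg = [@"constructed sample input" dataUsingEncoding:NSUTF8StringEncoding];
        NSLog(@"SHA-256: %@", sha256Hex(msg));

        NSData *salt = randomSalt(16); // assumed salt length
        // Iteration count is an assumption; set it from your own policy.
        NSData *hash = salt ? derivePasswordHash(@"password", salt, 600000) : nil;
        NSLog(@"PBKDF2 ok: %d, length: %lu", hash != nil, (unsigned long)hash.length);
    }
    return 0;
}
```

Store the salt and iteration count alongside the derived value so the same parameters can be used at verification time.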

Configuration

This detector does not need any configuration.