Dim hashMD5 As New MD5CryptoServiceProvider()
我有这行代码,它被检测为漏洞Cryptography.InsecureAlgorithm
有人知道如何解决这个问题吗?
最佳答案
众所周知,MD5 在很长一段时间内就被破解,并且使用它是不安全的。来自 Wikipedia - MD5 :
The security of the MD5 has been severely compromised, with its weaknesses having been exploited in the field, most infamously by the Flame malware in 2012. The CMU Software Engineering Institute considers MD5 essentially "cryptographically broken and unsuitable for further use"
MSDN - MD5CryptoServiceProvider还警告不要这样做:
Newer hash functions such as the Secure Hash Algorithms SHA-256 and SHA-512 are available. Consider using the SHA256 class or the SHA512 class instead of the MD5CryptoServiceProvider class. Use MD5CryptoServiceProvider only for compatibility with legacy applications and data.
因此,如果您将其用于安全性(例如存储散列密码),则应切换到更新的散列函数。
仍然有一些合法的用法,特别是为了向后兼容旧系统。维基百科还指出:
Although MD5 was initially designed to be used as a cryptographic hash function, it has been found to suffer from extensive vulnerabilities. It can still be used as a checksum to verify data integrity, but only against unintentional corruption.
如果这是您的情况,您可以安全地忽略该错误(并指示您的编译器或分析器隐藏它)。
关于asp.net - 密码学不安全算法,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/43774367/