gitlab.flawfinder.crypt-1.crypt_r-1
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt.
Definition
rules:
- id: flawfinder.crypt-1.crypt_r-1
  languages:
  - c
  message: >
    Use a different algorithm, such as SHA-256, with a larger, non-repeating
    salt.
  metadata:
    cwe: "CWE-327: The crypt functions use a poor one-way hashing algorithm; since
      they only accept passwords of 8 characters or fewer and only a two-byte
      salt, they are excessively vulnerable to dictionary attacks given
      today's faster computing equipment (CWE-327)"
    primary_identifier: flawfinder.crypt-1.crypt_r-1
    secondary_identifiers:
    - name: Flawfinder - crypt
      type: flawfinder_func_name
      value: crypt
    - name: Flawfinder - crypt_r
      type: flawfinder_func_name
      value: crypt_r
    license: MIT
  pattern-either:
  - pattern: crypt(...)
  - pattern: crypt_r(...)
  severity: ERROR
Short Link: https://sg.run/657w