
avoid-weak-cryptographic-algorithms

added in: 1.9.0
Pro+

Warns when a weak cryptographic algorithm (e.g. md5 or sha1) is used.

Although there are still some valid use cases for those algorithms, it's best to avoid them when you need to secure data. Consider using stronger algorithms instead.

Example

❌ Bad:

import 'dart:convert';

import 'package:crypto/crypto.dart';

void main() {
  md5; // LINT: Avoid weak cryptographic algorithms. Such algorithms may lead to sensitive data exposure, key leakage, broken authentication, etc.
  sha1; // LINT: Avoid weak cryptographic algorithms. Such algorithms may lead to sensitive data exposure, key leakage, broken authentication, etc.

  final key = utf8.encode('password1234');
  final hmacMd5 = Hmac(md5, key); // LINT: Avoid weak cryptographic algorithms. Such algorithms may lead to sensitive data exposure, key leakage, broken authentication, etc.
  final hmacSha1 = Hmac(sha1, key); // LINT: Avoid weak cryptographic algorithms. Such algorithms may lead to sensitive data exposure, key leakage, broken authentication, etc.

  // DES, DES3 and RC4 are not part of package:crypto; they stand for cipher
  // classes provided by another package.
  DES(); // LINT: Avoid weak cryptographic algorithms. Such algorithms may lead to sensitive data exposure, key leakage, broken authentication, etc.
  DES3(); // LINT: Avoid weak cryptographic algorithms. Such algorithms may lead to sensitive data exposure, key leakage, broken authentication, etc.
  RC4(); // LINT: Avoid weak cryptographic algorithms. Such algorithms may lead to sensitive data exposure, key leakage, broken authentication, etc.
}

✅ Good:

import 'dart:convert';

import 'package:crypto/crypto.dart';

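void main() {
  sha256;

  // Same key as in the Bad example, defined here so the snippet compiles.
  final key = utf8.encode('password1234');
  final hmacSha256 = Hmac(sha256, key); // Correct, sha256 is stronger
}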
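The Good pattern in use, as an added example that is not part of the original page or the linter's own code: a message is tagged with HMAC-SHA256 and the tag is checked with a comparison that does not stop at the first differing byte. The helper names `sign`, `verify` and `constantTimeEquals` are hypothetical, and the key and messages are constructed sample values.

```dart
import 'dart:convert';
import 'dart:math';

import 'package:crypto/crypto.dart';

/// Computes an HMAC-SHA256 tag over [message] with [key].
/// (Hypothetical helper name, not part of package:crypto.)
List<int> sign(List<int> key, String message) =>
    Hmac(sha256, key).convert(utf8.encode(message)).bytes;

/// Compares two tags without returning early on the first mismatch, so the
/// time taken does not reveal how many leading bytes were correct.
bool constantTimeEquals(List<int> a, List<int> b) {
  if (a.length != b.length) return false;
  var diff = 0;
  for (var i = 0; i < a.length; i++) {
    diff |= a[i] ^ b[i];
  }
  return diff == 0;
}

/// Recomputes the tag for [message] and checks it against [tag].
bool verify(List<int> key, String message, List<int> tag) =>
    constantTimeEquals(sign(key, message), tag);

void main() {
  // Constructed sample key: 32 random bytes from the platform CSPRNG,
  // rather than a human-chosen string.
  final rng = Random.secure();
  final key = List<int>.generate(32, (_) => rng.nextInt(256));

  // Constructed sample messages.
  const message = 'amount=100&to=alice';
  const tampered = 'amount=900&to=alice';

  final tag = sign(key, message);

  print('tag length: ${tag.length} bytes'); // SHA-256 output is 32 bytes
  print('original accepted: ${verify(key, message, tag)}');
  print('tampered accepted: ${verify(key, tampered, tag)}');
}
```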

Additional Resources