avoid-weak-cryptographic-algorithms

added in: 1.9.0

warning

Warns when a weak cryptographic algorithm (ex. md5 or sha1) is used.

Although there are still some valid cases to use those algorithms, it's best to avoid them if you need to secure the data. Consider using more advanced algorithms instead.

Example

❌ Bad:

import 'dart:convert';

import 'package:crypto/crypto.dart';

void main() {
  md5; // LINT
  sha1; // LINT

  final key = utf8.encode('password1234');
  final hmacMd5 = Hmac(md5, key); // LINT
  final hmacSha1 = Hmac(sha1, key); // LINT

  DES(); // LINT
  DES3(); // LINT
  RC4(); // LINT
}

✅ Good:

import 'dart:convert';

import 'package:crypto/crypto.dart';

void main() {
  sha256;

  final hmacSha256 = Hmac(sha256, key);
}

Example​

Example