Cryptographic weakness due to MD2 hash usage in PyCryptodome

High Risk Cryptographic Vulnerabilities
Tags: python, cryptography, pycryptodome, hash, md2, collision-attack

What it is

The MD2 hash algorithm is cryptographically broken and vulnerable to collision attacks. MD2 lacks collision resistance, making it possible for attackers to generate different inputs that produce the same hash output. This can lead to forged signatures, bypassed integrity checks, and compromised authentication mechanisms.

â„šī¸ Configuration Fix

Configuration changes required - see explanation below.

💡 Explanation

â„šī¸ Configuration Fix

Configuration changes required - see explanation below.

💡 Explanation

â„šī¸ Configuration Fix

Configuration changes required - see explanation below.

💡 Explanation

Why it happens

Root causes

Using MD2 Hash Function from PyCryptodome

Code imports MD2 from PyCryptodome: from Crypto.Hash import MD2; h = MD2.new(); h.update(data). MD2 is an obsolete hash function from 1989 that is cryptographically broken, with known collision attacks. It has no legitimate use case today, has been removed from most cryptographic libraries, and RFC 6149 moved it to Historic status.

Legacy X.509 Certificate Systems with MD2 Signatures

Old PKI systems used MD2 as a certificate signature algorithm. Certificate authorities historically issued MD2-signed certificates, so certificates from the 1990s may still carry MD2 signatures. Modern browsers reject MD2-signed certificates, but certificate validation code may still accept MD2 for compatibility.

Using MD2 for Checksum or Integrity Verification

File checksums or data verification computed with MD2. Collision attacks allow tampering to go undetected, so MD2 is unsuitable for integrity checks. Modern checksums use SHA-256 or SHA-3; even for non-cryptographic purposes, better alternatives exist.

Supporting MD2 for Legacy Interoperability

Maintaining MD2 support for old systems: backward compatibility with ancient applications, vendor requirements, or third-party integrations that require MD2. Interoperability does not justify a broken hash; security matters more than compatibility with obsolete systems.

Copying Code Using MD2 from Old Examples

Following obsolete documentation or tutorials: Stack Overflow answers from the 2000s, or textbook examples that use MD2. Copying code without checking the algorithm's security status lets old examples perpetuate weak hash usage.

Fixes

1. Replace MD2 with SHA-256 for All Hash Operations

Use SHA-256: from hashlib import sha256; h = sha256(); h.update(data); digest = h.hexdigest(). SHA-256 is NIST approved, cryptographically secure, fast, and widely supported. It is appropriate for integrity checks, digital signatures, and general hashing; there is no reason to use MD2.

2. Use SHA-3 for New Cryptographic Applications

Modern SHA-3: from hashlib import sha3_256; h = sha3_256(data). SHA-3 is the latest NIST hash standard, and its design differs from SHA-2, which provides an additional security margin. It is suitable for new applications; consider SHA-3 when future-proofing cryptographic systems.

3. Reject MD2 in Certificate Validation

Disable MD2 in certificate verification by explicitly checking the signature algorithm and rejecting certificates with MD2 signatures, for example: if cert.signature_algorithm == 'md2': raise ValueError('Insecure signature') (the attribute name depends on the certificate library in use). Modern TLS libraries already reject MD2; ensure there is no fallback support.

4. Use BLAKE2 for High-Performance Hashing

Fast secure hash: from hashlib import blake2b; h = blake2b(data). BLAKE2 is faster than MD5 and SHA-1 on modern CPUs while remaining cryptographically secure, because it was designed for performance. It is a good choice for checksums, HMACs, or general hashing, and the better alternative when speed is required.

5. Implement Hash Algorithm Validation

Allowlist approved hashes: APPROVED_HASHES = {'sha256', 'sha384', 'sha512', 'sha3_256', 'blake2b'}; if hash_name not in APPROVED_HASHES: raise ValueError('Unapproved hash'). Enforce the allowlist at runtime and in configuration checks so that policy prevents weak hash usage.

6. Remove MD2 Support Completely from Codebase

Find MD2 usage: grep -r 'MD2' --include="*.py". Remove all MD2 code and update dependencies that still ship MD2 support. Document that MD2 is prohibited and adopt a security policy against obsolete hashes; complete elimination prevents accidental usage.
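The allowlist check from fix 5 and the codebase sweep from fix 6, as an added example that is not code from this page, from Sourcery or from PyCryptodome: approved_digest refuses any algorithm outside the allowlist, and find_md2_usage walks a Python AST to flag the PyCryptodome import and MD2.new() calls without the false positives a plain grep produces on comments. The sample source is constructed for the demonstration.

```python
import ast
import hashlib

# Allowlist of approved algorithms (hashlib names), as in fix 5.
APPROVED_HASHES = {"sha256", "sha384", "sha512", "sha3_256", "blake2b"}

# Constructed sample source to scan; the MD2 in the comment is not flagged.
SAMPLE_SOURCE = """\
from Crypto.Hash import MD2, SHA256
# MD2 mentioned only in this comment: grep would flag it, the AST scan will not
h = MD2.new()
h.update(b"payload")
g = SHA256.new(b"payload")
"""


def approved_digest(hash_name: str, data: bytes) -> str:
    """Hex digest of data, refusing any algorithm not on the allowlist."""
    if hash_name not in APPROVED_HASHES:
        raise ValueError(f"Unapproved hash: {hash_name}")
    return hashlib.new(hash_name, data).hexdigest()


def find_md2_usage(source: str) -> list:
    """Sorted line numbers where MD2 is imported from Crypto.Hash
    (from-import or dotted import) or instantiated via MD2.new(...)."""
    hits = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.ImportFrom) and node.module == "Crypto.Hash":
            if any(alias.name == "MD2" for alias in node.names):
                hits.add(node.lineno)
        elif isinstance(node, ast.Import):
            if any(alias.name == "Crypto.Hash.MD2" for alias in node.names):
                hits.add(node.lineno)
        elif isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute):
            target = node.func.value
            if (node.func.attr == "new" and isinstance(target, ast.Name)
                    and target.id == "MD2"):
                hits.add(node.lineno)
    return sorted(hits)


if __name__ == "__main__":
    print("MD2 usage on lines:", find_md2_usage(SAMPLE_SOURCE))
    print(approved_digest("sha256", b"payload"))
    try:
        approved_digest("md5", b"payload")
    except ValueError as exc:
        print("rejected:", exc)
```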

Detect This Vulnerability in Your Code

Sourcery automatically identifies cryptographic weakness due to MD2 hash usage in PyCryptodome and many other security issues in your codebase.