Cryptographic weakness from MD5 hash usage in PyCryptodome

Medium Risk cryptographic-weakness

What it is

Cryptographic weakness: Attackers can forge collisions, undermining signatures, integrity checks, and file or token verification.

Why it happens

Using Crypto.Hash.MD5 for password storage or verification instead of modern password hashing functions.

Root causes

MD5 for Password Hashing

Using Crypto.Hash.MD5 for password storage or verification instead of modern password hashing functions.

Legacy System Compatibility

Maintaining MD5 usage for compatibility with older systems that expect MD5 hashes.

File Integrity Checking

Using MD5 for file checksums without understanding collision attack risks for security-critical verification.

Fixes

1. Use SHA-256 or SHA-3

Replace MD5 with SHA-256, SHA-512, or SHA-3 for cryptographic hashing needs.

2. Use bcrypt/Argon2 for Passwords

For password hashing, use dedicated functions like bcrypt, scrypt, or Argon2 instead of any fast hash.

3. Implement HMAC for Verification

For message authentication, use HMAC with SHA-256 instead of plain MD5 hashing.

Detect This Vulnerability in Your Code

Sourcery automatically identifies cryptographic weakness from MD5 hash usage in PyCryptodome and many other security issues in your codebase.
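
A minimal static check for the pattern this page describes, added here as an example (it is not Sourcery's rule and not code from PyCryptodome): it parses Python source with the standard `ast` module and reports imports of `Crypto.Hash.MD5` (or the `Cryptodome` namespace used by pycryptodomex) and calls to its `new()`. The function name `find_md5_usage` and the `SAMPLE` input are constructed for illustration.

```python
import ast

# PyCryptodome installs as "Crypto"; the pycryptodomex variant as "Cryptodome".
HASH_PACKAGES = ("Crypto.Hash", "Cryptodome.Hash")
MD5_MODULES = tuple(p + ".MD5" for p in HASH_PACKAGES)

SAMPLE = (  # constructed input, not taken from any real project
    "from Crypto.Hash import MD5, SHA256\n"
    "from Cryptodome.Hash import MD5 as legacy\n"
    "digest = MD5.new(b'data').hexdigest()\n"
    "safe = SHA256.new(b'data').hexdigest()\n"
    "tag = legacy.new(b'data').digest()\n"
)

def find_md5_usage(source):
    """Return sorted (line, message) findings for PyCryptodome MD5 imports and calls."""
    tree = ast.parse(source)
    md5_names = set(MD5_MODULES)  # expressions that refer to the MD5 module
    new_names = set()             # local names bound directly to MD5.new
    findings = []
    # Pass 1: imports, so aliases are known wherever the import appears.
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for a in node.names:
                if a.name in MD5_MODULES:
                    md5_names.add(a.asname or a.name)
                    findings.append((node.lineno, "import of " + a.name))
        elif isinstance(node, ast.ImportFrom) and node.level == 0:
            for a in node.names:
                target = "%s.%s" % (node.module, a.name)
                if target in MD5_MODULES:
                    md5_names.add(a.asname or a.name)
                elif node.module in MD5_MODULES and a.name == "new":
                    new_names.add(a.asname or a.name)
                else:
                    continue
                findings.append((node.lineno, "import of " + target))
    # Pass 2: calls to <MD5 module>.new(...) or to an imported new().
    for node in ast.walk(tree):
        if isinstance(node, ast.Call):
            name = ast.unparse(node.func)  # dotted callee text (Python 3.9+)
            module, _, attr = name.rpartition(".")
            if name in new_names or (attr == "new" and module in md5_names):
                findings.append((node.lineno, "call to " + name))
    return sorted(findings)

if __name__ == "__main__":
    for line, message in find_md5_usage(SAMPLE):
        print("line %d: %s" % (line, message))
```

The check does not follow indirect references such as `from Crypto import Hash`, so treat an empty result as a first pass, not proof of absence.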