Go

Go

By DeepSource

Import blacklist: crypto/md5GSC-G501

Security

Detects imports of crypto/md5 since they are considered vulnerable.

Go's official documentation also warns against the usage of MD5

Most common alternative for the insecure algorithm:

  • Use SHA512 instead of MD5

Although, we recommend doing some initial research before using any encryption/hashing algorithm to determine which is best for your use case.

Refer to https://en.wikipedia.org/wiki/MD5#Collision_vulnerabilities to understand the vulnerability in detail.

Examples

Bad practice

package main

import (
    "crypto/md5"
    "fmt"
    "os"
)
func main() {
    for _, arg := range os.Args {
        fmt.Printf("%x - %s
", md5.Sum([]byte(arg)), arg)
    }
}

References