Scala

Made by DeepSource

Audit required: Insecure hash function SC-A1001

Security
Major

MD2, MD4, MD5, and SHA1 signature algorithms are known to be vulnerable to [collision attacks](https://en.wikipedia.org/wiki/Collision_attack). Attackers can exploit this to generate another certificate with the same digital signature, allowing them to masquerade as the affected service.

A hash function takes a variable-length digital input and converts it into a fixed-length, random-looking hash value.

Hashing algorithms like MD5 and SHA-1 are vulnerable to collision attacks. In a collision attack, an attacker finds two messages with the same hashed output and sends the incorrect one to the receiver.

It is recommended to use safer alternatives, such as SHA-256, SHA-512, or SHA-3.
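
The following is an added example, not DeepSource's own code, and assumes digests are computed through the JDK's `java.security.MessageDigest`. It shows a weak call next to its SHA-256 replacement, with a hypothetical `HashAudit` helper that rejects the collision-prone names listed above, including certificate signature names such as `SHA1withRSA`.

```scala
import java.nio.charset.StandardCharsets
import java.security.MessageDigest
import java.util.Locale
import scala.util.Try

// Hypothetical helper for illustration; not part of DeepSource or the JDK.
object HashAudit {
  // Collision-prone digests named above, normalised (upper case, no dashes).
  // "SHA" is included because the JDK treats it as an alias for SHA-1.
  private val Weak = Set("MD2", "MD4", "MD5", "SHA1", "SHA")

  /** True for a digest name ("sha-1") or a signature name ("SHA1withRSA")
    * whose hash is one of the weak algorithms. */
  def isWeak(algorithm: String): Boolean = {
    // Locale.ROOT keeps "with" -> "WITH" stable under every default locale.
    val upper = algorithm.toUpperCase(Locale.ROOT).replace("-", "")
    Weak.contains(upper.split("WITH").head)
  }

  /** Hex digest that refuses weak algorithms instead of silently using them. */
  def digestHex(algorithm: String, data: Array[Byte]): String = {
    require(!isWeak(algorithm), s"$algorithm is collision-prone; use SHA-256, SHA-512 or SHA-3")
    MessageDigest.getInstance(algorithm).digest(data).map("%02x".format(_)).mkString
  }

  def main(args: Array[String]): Unit = {
    val msg = "constructed sample input".getBytes(StandardCharsets.UTF_8)

    // Before: an MD5 digest, the kind of call that needs auditing.
    val md5 = MessageDigest.getInstance("MD5").digest(msg)
    println(s"MD5 (weak): ${md5.length * 8}-bit digest")

    // After: same API, collision-resistant algorithm.
    println(s"SHA-256:    ${digestHex("SHA-256", msg)}")

    // The guard rejects weak names however they are spelled.
    println(s"sha-1 rejected: ${Try(digestHex("sha-1", msg)).isFailure}")
    Seq("SHA1withRSA", "MD5withRSA", "SHA256withRSA", "SHA3-256")
      .foreach(a => println(f"$a%-14s weak=${isWeak(a)}"))
  }
}
```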

References: