Събитие
Създаване на интелигентни приложения
17.03, 23 ч. - 21.03, 23 ч.
Присъединете се към поредицата срещи, за да изградите мащабируеми AI решения, базирани на реални случаи на употреба с колеги разработчици и експерти.
Регистрирайте се сегаТози браузър вече не се поддържа.
Надстройте до Microsoft Edge, за да се възползвате от най-новите функции, актуализации на защитата и техническа поддръжка.
Property | Value |
---|---|
Rule ID | CA5379 |
Title | Ensure key derivation function algorithm is sufficiently strong |
Category | Security |
Fix is breaking or non-breaking | Non-breaking |
Enabled by default in .NET 9 | No |
Use of one of the following algorithms when instantiating System.Security.Cryptography.Rfc2898DeriveBytes:
The Rfc2898DeriveBytes class defaults to using the SHA1 algorithm. When instantiating an Rfc2898DeriveBytes object, you should specify a hash algorithm of SHA256 or higher. Note that Rfc2898DeriveBytes.HashAlgorithm property only has a get
accessor.
Because MD5 or SHA1 are vulnerable to collisions, use SHA256 or higher for the Rfc2898DeriveBytes class.
Older versions of .NET Framework or .NET Core may not allow you to specify a key derivation function hash algorithm. In such cases, you need to upgrade the target framework version of .NET to use a stronger algorithm.
It is not recommended to suppress this rule except for application compatibility reasons.
If you just want to suppress a single violation, add preprocessor directives to your source file to disable and then re-enable the rule.
#pragma warning disable CA5379
// The code that's violating the rule is on this line.
#pragma warning restore CA5379
To disable the rule for a file, folder, or project, set its severity to none
in the configuration file.
[*.{cs,vb}]
dotnet_diagnostic.CA5379.severity = none
For more information, see How to suppress code analysis warnings.
using System.Security.Cryptography;
class ExampleClass
{
public void ExampleMethod(byte[] password, byte[] salt, int iterations, HashAlgorithmName hashAlgorithm)
{
var rfc2898DeriveBytes = new Rfc2898DeriveBytes(password, salt, iterations, HashAlgorithmName.MD5);
}
}
using System.Security.Cryptography;
class DerivedClass : Rfc2898DeriveBytes
{
public DerivedClass (byte[] password, byte[] salt, int iterations, HashAlgorithmName hashAlgorithm) : base(password, salt, iterations, hashAlgorithm)
{
}
}
class ExampleClass
{
public void ExampleMethod(byte[] password, byte[] salt, int iterations, HashAlgorithmName hashAlgorithm)
{
var derivedClass = new DerivedClass(password, salt, iterations, HashAlgorithmName.MD5);
}
}
using System.Security.Cryptography;
class DerivedClass : Rfc2898DeriveBytes
{
public DerivedClass (byte[] password, byte[] salt, int iterations, HashAlgorithmName hashAlgorithm) : base(password, salt, iterations, hashAlgorithm)
{
}
public HashAlgorithmName HashAlgorithm { get; set;}
}
class ExampleClass
{
public void ExampleMethod(byte[] password, byte[] salt, int iterations, HashAlgorithmName hashAlgorithm)
{
var derivedClass = new DerivedClass(password, salt, iterations, HashAlgorithmName.MD5);
derivedClass.HashAlgorithm = HashAlgorithmName.SHA256;
}
}
using System.Security.Cryptography;
class ExampleClass
{
public void ExampleMethod(byte[] password, byte[] salt, int iterations, HashAlgorithmName hashAlgorithm)
{
var rfc2898DeriveBytes = new Rfc2898DeriveBytes(password, salt, iterations, HashAlgorithmName.SHA256);
}
}
Обратна връзка за .NET
.NET е проект с отворен код. Изберете връзка, за да предоставите обратна връзка:
Събитие
Създаване на интелигентни приложения
17.03, 23 ч. - 21.03, 23 ч.
Присъединете се към поредицата срещи, за да изградите мащабируеми AI решения, базирани на реални случаи на употреба с колеги разработчици и експерти.
Регистрирайте се сега