CA5379: Ensure key derivation function algorithm is sufficiently strong
| Property | Value |
|---|---|
| Rule ID | CA5379 |
| Title | Ensure key derivation function algorithm is sufficiently strong |
| Category | Security |
| Fix is breaking or non-breaking | Non-breaking |
| Enabled by default in .NET 8 | No |
Cause
Use of one of the following algorithms when instantiating System.Security.Cryptography.Rfc2898DeriveBytes:
- System.Security.Cryptography.MD5
- System.Security.Cryptography.SHA1
- An algorithm that the rule can't determine at compile time
Rule description
The Rfc2898DeriveBytes class defaults to using the SHA1 algorithm. When instantiating an Rfc2898DeriveBytes object, you should specify a hash algorithm of SHA256 or higher. Note that Rfc2898DeriveBytes.HashAlgorithm property only has a get accessor.
How to fix violations
Because MD5 or SHA1 are vulnerable to collisions, use SHA256 or higher for the Rfc2898DeriveBytes class.
Older versions of .NET Framework or .NET Core may not allow you to specify a key derivation function hash algorithm. In such cases, you need to upgrade the target framework version of .NET to use a stronger algorithm.
When to suppress warnings
It is not recommended to suppress this rule except for application compatibility reasons.
Suppress a warning
If you just want to suppress a single violation, add preprocessor directives to your source file to disable and then re-enable the rule.
#pragma warning disable CA5379
// The code that's violating the rule is on this line.
#pragma warning restore CA5379
To disable the rule for a file, folder, or project, set its severity to none in the configuration file.
[*.{cs,vb}]
dotnet_diagnostic.CA5379.severity = none
For more information, see How to suppress code analysis warnings.
Pseudo-code examples
Specify hash algorithm in constructor violation
using System.Security.Cryptography;
class ExampleClass
{
public void ExampleMethod(byte[] password, byte[] salt, int iterations, HashAlgorithmName hashAlgorithm)
{
var rfc2898DeriveBytes = new Rfc2898DeriveBytes(password, salt, iterations, HashAlgorithmName.MD5);
}
}
Specify hash algorithm in derived class' constructor violation
using System.Security.Cryptography;
class DerivedClass : Rfc2898DeriveBytes
{
public DerivedClass (byte[] password, byte[] salt, int iterations, HashAlgorithmName hashAlgorithm) : base(password, salt, iterations, hashAlgorithm)
{
}
}
class ExampleClass
{
public void ExampleMethod(byte[] password, byte[] salt, int iterations, HashAlgorithmName hashAlgorithm)
{
var derivedClass = new DerivedClass(password, salt, iterations, HashAlgorithmName.MD5);
}
}
Set hash algorithm property in derived classes violation
using System.Security.Cryptography;
class DerivedClass : Rfc2898DeriveBytes
{
public DerivedClass (byte[] password, byte[] salt, int iterations, HashAlgorithmName hashAlgorithm) : base(password, salt, iterations, hashAlgorithm)
{
}
public HashAlgorithmName HashAlgorithm { get; set;}
}
class ExampleClass
{
public void ExampleMethod(byte[] password, byte[] salt, int iterations, HashAlgorithmName hashAlgorithm)
{
var derivedClass = new DerivedClass(password, salt, iterations, HashAlgorithmName.MD5);
derivedClass.HashAlgorithm = HashAlgorithmName.SHA256;
}
}
Solution
using System.Security.Cryptography;
class ExampleClass
{
public void ExampleMethod(byte[] password, byte[] salt, int iterations, HashAlgorithmName hashAlgorithm)
{
var rfc2898DeriveBytes = new Rfc2898DeriveBytes(password, salt, iterations, HashAlgorithmName.SHA256);
}
}
