Reversible One Way Hash in crypt Module

PY002

reversible_one_way_hash

CWE-328

⚠️ Warning

---

The Python module crypt provides a number of functions for password hashing. However, some of the hashing functions supported by crypt are weak and should not be used. These weak hashing functions include CRYPT and MD5.

The CRYPT hashing function is a weak hashing function because it is based on a simple DES algorithm. This algorithm is relatively easy to crack, and passwords hashed with crypt can be easily recovered by attackers.

The MD5 hashing function is also a weak hashing function. MD5 is a cryptographic hash function that was designed in the early 1990s. MD5 is no longer considered secure, and passwords hashed with MD5 can be easily cracked by attackers.

If using the crypt module, it is recommended to use more secure methods such as SHA256 and SHA512.

Examples

---

crypt.crypt

warning

import crypt


crypt.crypt("password", salt=crypt.METHOD_MD5)

crypt.mksalt

warning

import crypt


crypt.mksalt(crypt.METHOD_CRYPT)

Remediation

---

The recommendation is to swap the insecure hashing method to one of the more secure alternatives, SHA256 or SHA512.

crypt.crypt

fix

import crypt


crypt.crypt("password", salt=crypt.METHOD_SHA256)

crypt.mksalt

fix

import crypt


crypt.mksalt(crypt.METHOD_SHA512)

Alternatives to Crypt

---

There are a number of alternatives to weak hashing functions. These alternatives include bcrypt, pbkdf2, and scrypt.

• bcrypt is a secure password hashing function that is based on the Blowfish block cipher. Bcrypt is considered to be one of the most secure password hashing functions available.

• PBKDF2 is a secure password hashing function that is based on the HMAC cryptographic function. PBKDF2 is considered to be one of the most secure password hashing functions available.

• scrypt is a secure password hashing function that is based on the bcrypt algorithm. Scrypt is designed to be more secure than bcrypt, and it is also more resistant to GPU-based attacks.

False Positives

---

In the case of a false positive the rule can be suppressed. Simply add a trailing or preceding comment line with either the rule ID (PY002) or rule category name (reversible_one_way_hash).

Using rule ID

fix

import crypt


# suppress: PY002
crypt.crypt("password", salt=crypt.METHOD_MD5)

Using category name

fix

import crypt


# suppress: reversible_one_way_hash
crypt.crypt("password", salt=crypt.METHOD_MD5)

See also

---

info

• crypt — Function to check Unix passwords
• CWE-328: Use of Weak Hash
• NIST Policy on Hash Functions