Overview
This rule flags Apex code that uses encryption algorithms no longer considered secure by today's standards. In Apex, developers can use the System.Crypto class to implement various encryption algorithms. However, some algorithms, such as SHA1 and MD5, are no longer considered secure. According to the latest OWASP Top 10, using weak encryption is a top risk.
Code Reviews classifies this as Critical because it directly compromises data confidentiality and integrity, making sensitive information vulnerable to attackers and posing a critical security risk to your application.
Why This Matters
Using weak encryption algorithms can lead to:
Data Compromise: Attackers can exploit cryptographic weaknesses to decrypt sensitive data, leading to unauthorized disclosure and potential data breaches.
Authentication Bypass: Weak hashing algorithms used for password storage can be susceptible to brute force or rainbow table attacks, allowing attackers to compromise user accounts.
Integrity Violations: Weak signature algorithms can allow attackers to tamper with data without detection, compromising data integrity.
Compliance Violations: Using insecure encryption violates various data protection regulations (e.g., GDPR, HIPAA) and internal security policies.
Cryptographic Failures (OWASP Top 10 A02:2021): This is a critical risk category focusing on situations where sensitive information is not properly protected, often due to hardcoded passwords, storing secrets in plain text, or using insufficiently robust encryption.
Reputational Damage: Security incidents resulting from the use of weak cryptography can severely harm an organization's reputation and lead to a loss of customer trust.
What Triggers This Rule
Code Reviews flags Apex code that uses methods from the System.Crypto class with parameters specifying the use of:
MD5 hashing algorithm.
SHA1 hashing algorithm.
Recommended Safeguards
To ensure strong cryptographic protection for your sensitive data:
Use Strong, Modern Algorithms: Always use robust and currently recommended encryption and hashing algorithms (e.g., SHA-256, SHA-512, AES-256) available in System.Crypto. Consult cryptographic best practices and security standards regularly.
Avoid MD5 and SHA1: Explicitly avoid using MD5 and SHA1 algorithms for security-critical functions like password hashing, digital signatures, or data integrity checks, as they are considered insecure.
Secure Key Management: Ensure that encryption keys are securely generated, stored, and managed, separate from the application code.
Salt and Pepper Password Hashes: When storing passwords, always use a strong, unique salt for each password before hashing to defend against rainbow table attacks.
Implement Secure Code Reviews: Integrate checks for cryptographic algorithm strength into your code review process.
Automate with Static Analysis: Utilize tools like Code Reviews to automatically detect and flag the use of weak encryption algorithms during development, providing early feedback to developers.
Stay Updated: Keep abreast of the latest cryptographic recommendations from organizations like OWASP and NIST, and update your code accordingly.
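The safeguards above, shown as an added Apex example (not code from Code Reviews or Salesforce): the MD5 and SHA1 calls this rule flags, next to System.Crypto replacements using SHA-256, HMAC-SHA256 and AES-256. The class name, method names and sample string are hypothetical, and key storage is assumed to be handled outside the class.

```apex
// Added illustration; CryptoExamples and its method names are hypothetical.
public class CryptoExamples {

    // Flagged: 'MD5' and 'SHA1' passed as the algorithm name to System.Crypto.
    public static String weakFingerprint(String payload) {
        Blob md5 = Crypto.generateDigest('MD5', Blob.valueOf(payload));
        Blob sha1 = Crypto.generateDigest('SHA1', Blob.valueOf(payload));
        return EncodingUtil.convertToHex(md5) + ':' + EncodingUtil.convertToHex(sha1);
    }

    // Compliant: SHA-256 digest used as an integrity fingerprint.
    public static String fingerprint(String payload) {
        Blob digest = Crypto.generateDigest('SHA-256', Blob.valueOf(payload));
        return EncodingUtil.convertToHex(digest);
    }

    // Compliant: keyed integrity tag (HMAC-SHA256). An unkeyed digest only
    // detects accidental change; a MAC also requires knowledge of macKey.
    public static String sign(String payload, Blob macKey) {
        Blob mac = Crypto.generateMac('hmacSHA256', Blob.valueOf(payload), macKey);
        return EncodingUtil.base64Encode(mac);
    }

    // Compliant: AES-256; the platform generates a random IV and prepends it
    // to the returned ciphertext, so no IV handling is needed in this code.
    public static Blob encrypt(String clearText, Blob aesKey) {
        return Crypto.encryptWithManagedIV('AES256', aesKey, Blob.valueOf(clearText));
    }

    public static String decrypt(Blob cipherText, Blob aesKey) {
        return Crypto.decryptWithManagedIV('AES256', aesKey, cipherText).toString();
    }

    // Round trip on a constructed sample value. The key is generated here only
    // for the demo; assumption: real keys come from protected storage, not code.
    public static void demo() {
        String sample = 'constructed sample value';
        Blob key = Crypto.generateAesKey(256);
        System.assertEquals(sample, decrypt(encrypt(sample, key), key));
        System.assertEquals(64, fingerprint(sample).length()); // 32-byte digest as hex
        // Base64 is case-sensitive, so compare with equals(); Apex == on
        // Strings ignores case.
        System.assert(sign(sample, key).equals(sign(sample, key)));
    }
}
```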
Summary
Using weak encryption algorithms like SHA1 and MD5 is an Error because they are no longer considered secure by today's standards and constitute a top risk according to OWASP. Code Reviews detects instances where the System.Crypto class implements these insecure algorithms. Employing strong, modern cryptographic algorithms is crucial for protecting sensitive data, maintaining data integrity, and ensuring compliance and trustworthiness of your Salesforce application.
Related Resources:
Apex Reference - Crypto Class
OWASP Top 10 2021 - Cryptographic Failures
Stack Exchange - What cryptographic algorithms are not considered secure?
Encryption and Signature Techniques in Apex - Salesforce Developer Blog
