Do not use weak cryptographic algorithms
Avoid broken/weak algorithms such as SHA1, MD5, DES, and RC2.
Description
Flags use of cryptographic algorithms that are considered weak or broken. Use stronger algorithms such as SHA256 or AES.
Cause
Encryption algorithms such as System.Security.Cryptography.TripleDES and hashing algorithms such as System.Security.Cryptography.SHA1 and System.Security.Cryptography.RIPEMD160 are considered to be weak.
These cryptographic algorithms do not provide as much security assurance as more modern counterparts. Cryptographic hashing algorithms System.Security.Cryptography.SHA1 and System.Security.Cryptography.RIPEMD160 provide less collision resistance than more modern hashing algorithms. The encryption algorithm System.Security.Cryptography.TripleDES provides fewer bits of security than more modern encryption algorithms.
Why it matters
Weak algorithms are vulnerable to practical attacks and should never protect sensitive data.
How to fix violations
Use cryptographically stronger options:
- For TripleDES encryption, use System.Security.Cryptography.Aes encryption.
- For SHA1 or RIPEMD160 hashing functions, use ones in the SHA-2 family (for example, System.Security.Cryptography.SHA512, System.Security.Cryptography.SHA384, and System.Security.Cryptography.SHA256).
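The following C# program is an added example that is not part of the rule documentation. It puts each flagged call (SHA1, TripleDES) next to the replacement the list above recommends (SHA256, Aes), using only standard System.Security.Cryptography APIs. The sample input string is constructed for the demonstration, and the program assumes .NET 5 or later for Convert.ToHexString.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example: weak algorithm beside its recommended replacement.
public static class WeakVsStrongCrypto
{
    // Constructed sample input for the demonstration.
    private static readonly byte[] Sample = Encoding.UTF8.GetBytes("payroll export 2024-Q1");

    // Flagged by the rule: SHA1 offers less collision resistance than SHA-2.
    public static byte[] HashWeak(byte[] data)
    {
        using var sha1 = SHA1.Create();
        return sha1.ComputeHash(data);
    }

    // Fix: a SHA-2 family hash (SHA256 here; SHA384/SHA512 are equally acceptable).
    public static byte[] HashStrong(byte[] data)
    {
        using var sha256 = SHA256.Create();
        return sha256.ComputeHash(data);
    }

    // Flagged by the rule: TripleDES provides fewer bits of security than AES.
    // Kept only for comparison; it is not called from Main.
    public static byte[] EncryptWeak(byte[] plaintext, byte[] key, byte[] iv)
    {
        using var tdes = TripleDES.Create();
        tdes.Key = key; // 24-byte key
        tdes.IV = iv;   // 8-byte block
        using var enc = tdes.CreateEncryptor();
        return enc.TransformFinalBlock(plaintext, 0, plaintext.Length);
    }

    // Fix: AES with a freshly generated 256-bit key and a fresh IV per message.
    // Returns the key and IV so the caller can store them separately from the ciphertext.
    public static (byte[] Ciphertext, byte[] Key, byte[] Iv) EncryptStrong(byte[] plaintext)
    {
        using var aes = Aes.Create();
        aes.KeySize = 256;
        aes.GenerateKey();
        aes.GenerateIV();
        using var enc = aes.CreateEncryptor();
        return (enc.TransformFinalBlock(plaintext, 0, plaintext.Length), aes.Key, aes.IV);
    }

    public static byte[] DecryptStrong(byte[] ciphertext, byte[] key, byte[] iv)
    {
        using var aes = Aes.Create();
        aes.Key = key;
        aes.IV = iv;
        using var dec = aes.CreateDecryptor();
        return dec.TransformFinalBlock(ciphertext, 0, ciphertext.Length);
    }

    public static void Main()
    {
        Console.WriteLine("SHA-1   (weak):   " + Convert.ToHexString(HashWeak(Sample)));
        Console.WriteLine("SHA-256 (strong): " + Convert.ToHexString(HashStrong(Sample)));

        var (ciphertext, key, iv) = EncryptStrong(Sample);
        byte[] roundTrip = DecryptStrong(ciphertext, key, iv);
        Console.WriteLine("AES round trip ok: " +
            (Encoding.UTF8.GetString(roundTrip) == Encoding.UTF8.GetString(Sample)));
    }
}
```

Swapping the algorithm is what this rule checks, but it is not the whole picture: the AES path above uses the default CBC mode, which encrypts but does not detect tampering, so data that must also be integrity-protected should use an authenticated mode such as System.Security.Cryptography.AesGcm (available since .NET Core 3.0). Likewise, SHA-256 is the right replacement for SHA1 as a general-purpose hash, but neither is a password-hashing function.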
Examples
Violation:
using var hash = SHA1.Create();
Fix:
using var hash = SHA256.Create();
When to suppress
Suppress a warning from this rule when the level of protection needed for the data does not require a security guarantee.