The use of a non-standard algorithm is dangerous because a determined attacker may be able to break the algorithm and compromise whatever data has been protected. Standard algorithms like Argon2PasswordHasher, BCryptPasswordHasher, …​ should be used instead.

This rule tracks creation of BasePasswordHasher subclasses for Django applications.

Recommended Secure Coding Practices

• Use a standard algorithm instead of creating a custom one.

Sensitive Code Example

class CustomPasswordHasher(BasePasswordHasher):  # Sensitive
    # ...

See

• OWASP Top 10 2021 Category A2 - Cryptographic Failures
• OWASP Top 10 2017 Category A3 - Sensitive Data Exposure
• MITRE, CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
• SANS Top 25 - Porous Defenses