Insecure Encryption Algorithm - SHA1 - Elixir


Need

To secure the information transmitted between the client and the server using cryptographically secure algorithms.


Context

  1. Usage of Elixir (1.12.0 and above) for building scalable and fault-tolerant applications
  2. Usage of Plug (1.11.1 and above) for building composable web applications in Elixir
  3. Usage of Plug.Crypto for cryptographic operations (version 1.2.0 and above)

Description

Insecure Code Example

defmodule MyApp.Encryption do
  # :sha selects SHA-1, which is the weakness this guide addresses
  def generate_hash(data) do
    :crypto.hash(:sha, data)
  end
end

This code is vulnerable because it uses SHA-1 (selected by the :sha atom), a hash algorithm that is considered cryptographically insecure. It could allow an attacker to reverse the hash function and recover sensitive information.

Steps

  1. Replace the insecure SHA-1 algorithm with a secure one such as SHA-256 or SHA-3.
  2. Make sure the hash function passed to :crypto.hash/2 matches the algorithm chosen (for example, :sha256 for SHA-256).

Secure Code Example

defmodule MyApp.Encryption do
  # :sha256 selects SHA-256, a currently secure digest algorithm
  def generate_hash(data) do
    :crypto.hash(:sha256, data)
  end
end

In this secure code example, the SHA-1 algorithm has been replaced with SHA-256 (the :sha256 atom), which is considered secure. This effectively mitigates the risks associated with SHA-1.
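As an added example (not part of the original guide), the module below wraps :crypto.hash/2 with an allowlist of acceptable digest algorithms so that :sha cannot be reintroduced by a later edit, hex-encodes the digest, and verifies a stored digest with Plug.Crypto.secure_compare/2 to avoid a timing side channel. It assumes plug_crypto is a dependency of the project, as the Context states; the module and function names are hypothetical.

```elixir
defmodule MyApp.Digest do
  @moduledoc """
  SHA-256 / SHA-3 digests with constant-time verification.
  Only algorithms from the allowlist below are accepted, so a later
  change cannot quietly reintroduce :sha (SHA-1) or :md5.
  """

  # Allowlist of digest algorithms acceptable for :crypto.hash/2.
  @allowed_algs [:sha256, :sha384, :sha512, :sha3_256, :sha3_512]

  @doc "Lowercase hex-encoded digest of `data`; defaults to SHA-256."
  def generate_hash(data, alg \\ :sha256) when is_binary(data) do
    unless alg in @allowed_algs do
      raise ArgumentError,
            "refusing weak or unknown digest algorithm: #{inspect(alg)}"
    end

    alg
    |> :crypto.hash(data)
    |> Base.encode16(case: :lower)
  end

  @doc """
  Compare a freshly computed digest against a stored hex digest in
  constant time, so the comparison does not leak how many leading
  bytes matched. Requires the plug_crypto dependency (assumption).
  """
  def verify_hash(data, expected_hex, alg \\ :sha256)
      when is_binary(expected_hex) do
    Plug.Crypto.secure_compare(generate_hash(data, alg), expected_hex)
  end
end

# Usage from iex -S mix (constructed sample input):
#   digest = MyApp.Digest.generate_hash("hello")
#   MyApp.Digest.verify_hash("hello", digest)
#   MyApp.Digest.generate_hash("hello", :sha)   # raises ArgumentError
```

Calling generate_hash/2 with :sha raises instead of silently producing a SHA-1 digest, which turns the weakness into a failing test rather than a latent finding.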


References

  • 262 - Insecure Encryption Algorithm - SHA1

  • Last updated: 2023/09/18