Dart Weak Hash Md5
Description
This detector identifies use of the MD5 hashing algorithm in Dart applications. MD5 is cryptographically broken and should not be used for security-sensitive operations: it is vulnerable to collision attacks and can be easily cracked. Applications should use stronger hashing algorithms such as SHA-256 or SHA-3 instead.
Detection Strategy
• The crypto package (package:crypto/crypto.dart) must be imported in the file
• There must be a method call or expression that creates an MD5 hash object
• The MD5 object creation must have suspicious usage patterns in its first argument that indicate actual hashing operations
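A minimal sketch of the three conditions above, added here as an example; it is not Fluid Attacks' detector. It assumes regex matching over source text rather than a parsed syntax tree and treats a non-empty argument to md5.convert as the usage condition; the name find_md5_calls and the sample Dart snippets are constructed for illustration.

```python
import re

# Constructed Dart sources used as sample input (not from a real project).
VULNERABLE = """\
import 'package:crypto/crypto.dart' as c;
// c.md5.convert(x) in a comment must not be reported
Digest hashPassword(List<int> password) {
  return c.md5.convert(password);
}
"""
SAFE = """\
import 'package:crypto/crypto.dart';
Digest hashPassword(List<int> password) {
  return sha256.convert(password);
}
"""
NO_IMPORT = """\
final md5 = LocalHelper();
var d = md5.convert(data);
"""

IMPORT_RE = re.compile(
    r"""^\s*import\s+['"]package:crypto/crypto\.dart['"]\s*(?:as\s+(\w+))?""",
    re.MULTILINE,
)
COMMENT_RE = re.compile(r"//[^\n]*|/\*.*?\*/", re.DOTALL)


def find_md5_calls(source: str) -> list[tuple[int, str]]:
    """Return (line_number, source_line) for each reportable md5.convert call."""
    # Blank out comments but keep newlines so line numbers stay correct.
    code = COMMENT_RE.sub(lambda m: re.sub(r"[^\n]", " ", m.group()), source)
    imp = IMPORT_RE.search(code)
    if imp is None:  # condition 1: the crypto package is not imported
        return []
    # With "import ... as alias", md5 is only reachable as alias.md5.
    prefix = re.escape(imp.group(1)) + r"\." if imp.group(1) else ""
    # Condition 2: md5 from the crypto package is invoked; condition 3
    # (assumed reading): the call passes a non-empty first argument.
    call_re = re.compile(r"(?<![\w.])" + prefix + r"md5\.convert\(\s*[^)\s]")
    lines = source.splitlines()
    findings = []
    for m in call_re.finditer(code):
        n = code.count("\n", 0, m.start()) + 1
        findings.append((n, lines[n - 1].strip()))
    return findings
```

Because the import is a precondition, a local object that merely happens to be named md5 in a file without the crypto import is not reported.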
Vulnerable code example
import 'package:crypto/crypto.dart';

// Vulnerable: Using weak MD5 hash on sensitive data
Digest hashPassword(List<int> password) {
  return md5.convert(password); // MD5 is cryptographically broken
}
Secure code example
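import 'package:crypto/crypto.dart';

// Safe: Using strong SHA-256 hash for password data
// (for stored passwords, a salted password-hashing function such as
// Argon2, bcrypt or PBKDF2 is preferable to a single fast hash)
Digest hashPassword(List<int> password) {
  return sha256.convert(password); // SHA-256 is cryptographically secure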
}