Rule Information
Tags
pythonhashlib-newweak-hashalgorithm-selectioncryptographyCWE-327OWASP-A02
CWE References
Interactive Playground
Experiment with the vulnerable code and security rule below. Edit the code to see how the rule detects different vulnerability patterns.
pathfinder scan --ruleset python/PYTHON-LANG-SEC-032 --project .1
2
3
4
rule.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
About This Rule
Understanding the vulnerability and how it is detected
Python's hashlib.new() creates a hash object for the algorithm specified by a string name. Unlike direct constructors such as hashlib.md5() or hashlib.sha256(), the algorithm name in hashlib.new() is a runtime string that may be derived from configuration, user input, or other external sources.
This creates two distinct risks: first, if the algorithm name is derived from untrusted input, an attacker can select a weak or broken algorithm; second, even in code that uses hardcoded names, the dynamic nature means the algorithm choice is not visible at the call site without examining the string value.
All insecure algorithm names (md5, sha1, sha224, sha3_224) should be replaced with sha256, sha3_256, sha512, or sha3_512. Algorithm names should never be derived from user input.
Security Implications
Potential attack scenarios if this vulnerability is exploited
1
Dynamic Algorithm Selection Attack
If the algorithm name passed to hashlib.new() is derived from user input or external configuration, an attacker can select a broken algorithm (md5, sha1) to weaken integrity checks or make hashes easier to preimage or collide.
2
Weak Algorithm via Hardcoded Insecure Name
Code calling hashlib.new("md5") or hashlib.new("sha1") has the same cryptographic weaknesses as calling hashlib.md5() or hashlib.sha1() directly. The runtime string form may escape static analysis tools that only check direct constructor calls.
3
Algorithm Downgrade in Protocol Negotiation
In protocols that negotiate hash algorithms and use hashlib.new() to instantiate the negotiated algorithm, an attacker performing a downgrade attack can negotiate a weak algorithm, undermining the security of the entire protocol session.
4
Inconsistent Algorithm Enforcement
Using hashlib.new() with algorithm names from configuration makes it difficult to audit which algorithms are in use. Different deployments may use different algorithms, creating inconsistent security guarantees across environments.
How to Fix
Recommended remediation steps
- 1Replace hashlib.new("md5"), hashlib.new("sha1"), and hashlib.new("sha224") with hashlib.sha256() or hashlib.sha3_256().
- 2If the hash algorithm must be configurable, validate the algorithm name against an explicit allowlist of strong algorithms before calling hashlib.new().
- 3Never derive the algorithm name from user input, HTTP parameters, or database values.
- 4Prefer direct constructors (hashlib.sha256()) over hashlib.new("sha256") for clarity and to ensure static analysis tools can detect the algorithm.
- 5Document the cryptographic purpose of each hash operation to make algorithm selection auditable.
Detection Scope
How Code Pathfinder analyzes your code for this vulnerability
This rule detects all calls to hashlib.new() in Python source code. The rule flags all call sites since the algorithm name must be reviewed to ensure it is both a strong algorithm and not derived from untrusted input. Calls with strong, hardcoded algorithm names may be considered lower risk but should still be reviewed.
Compliance & Standards
Industry frameworks and regulations that require detection of this vulnerability
NIST SP 800-131A Revision 2
Only approved hash algorithms (SHA-256, SHA-384, SHA-512, SHA-3 family) may be used for security applications
OWASP Top 10
A02:2021 - Cryptographic Failures
PCI DSS v4.0
Requirement 4.2.1 - Use strong cryptography for data protection
FIPS 140-3
Only FIPS-approved hash algorithms are permitted in certified modules
References
External resources and documentation
Similar Rules
Explore related security rules for Python
MEDIUM
Insecure MD5 Hash Usage
MD5 is cryptographically broken and unsuitable for security-sensitive purposes. Use SHA-256 or SHA-3 instead.
MEDIUM
Insecure SHA-1 Hash Usage
SHA-1 is cryptographically weak due to practical collision attacks. Use SHA-256 or SHA-3 for security-sensitive hashing.
LOW
SHA-224 or SHA3-224 Weak Hash Usage
SHA-224 and SHA3-224 provide only 112-bit collision resistance, which is below the 128-bit minimum recommended by NIST for new applications.
Frequently Asked Questions
Common questions about Insecure Hash via hashlib.new()
hashlib.new() is flagged regardless of the algorithm string because: (1) the algorithm
may be a variable rather than a literal, requiring review to confirm it is always a
strong algorithm; (2) even with a strong algorithm, the dynamic form may be confused
with an insecure one in code review; (3) direct constructors are clearer and more
accessible to static analysis.
Safe algorithms include sha256, sha384, sha512, sha3_224, sha3_256, sha3_384, sha3_512,
blake2b, and blake2s. Insecure algorithms include md5, sha1, sha224, and md4. Note that
sha3_224 and sha224 provide only 112-bit security against collision attacks, which is
below modern recommendations.
Only if validated against a strict allowlist of approved algorithm names. Never pass
a raw user input string to hashlib.new() without validation, as users could request
md5, sha1, or an unsupported algorithm name causing an error or using a weak hash.
They produce identical results. hashlib.sha256() is more explicit, more readable,
and easier for static analysis tools to identify. hashlib.new("sha256") is useful
when the algorithm name needs to be determined at runtime. For hardcoded algorithms,
always prefer the direct constructor form.
Yes. hashlib.new() can access all hash algorithms provided by the underlying OpenSSL
library, not just the ones with dedicated constructors. This means it can use algorithms
not available as direct constructors but may also inadvertently use deprecated or
experimental OpenSSL algorithms. Use hashlib.algorithms_guaranteed for the list of
always-available algorithms.
Run Code Pathfinder's PYTHON-LANG-SEC-032 rule to find all hashlib.new() calls. Then
manually review each call to check whether the algorithm name is a hardcoded string
and whether it is a strong algorithm. Supplement with a text search for hashlib.new("md5"),
hashlib.new("sha1"), and hashlib.new("sha224") to find obviously weak usages.
New feature
Get these findings posted directly on your GitHub pull requests
The Insecure Hash via hashlib.new() rule runs in CI and posts inline review comments on the exact lines — no dashboard, no SARIF viewer.