RSTR-CRY-002 — SHA-1 used for hashing

Summary

SHA-1 is broken: the SHAttered attack (2017) produced the first practical collision, and modern attacks can produce chosen-prefix collisions for under USD 50,000. SHA-1 is unsuitable for any new security use.

Severity

High.

Languages

Python, JavaScript, TypeScript, Java, Kotlin, Go, Rust.

What rastray flags

Python: hashlib.sha1(...)
Node: crypto.createHash('sha1') / crypto.createHash("sha1")
Java: MessageDigest.getInstance("SHA-1") and "SHA1"
Go: sha1.New() (after importing crypto/sha1)

How to fix it

Replace with SHA-256. rastray --fix --yes auto-applies the substitution across all four languages.

For HMAC specifically, HMAC-SHA1 is still considered safe for integrity because HMAC's security doesn't reduce to the underlying hash's collision resistance — but new code should use HMAC-SHA256 anyway because there's no reason to prefer the broken hash.

References

SHAttered: the first SHA-1 collision
NIST: SP 800-131A retirement of SHA-1
CWE-328: Use of Weak Hash

rastray rules