The use of a non-standard algorithm is dangerous because a determined attacker may be able to break the algorithm and compromise whatever data has been protected. Standard algorithms like SHA-256, SHA-384, SHA-512, ... should be used instead.

This rule tracks creation of java.security.MessageDigest subclasses.

Noncompliant Code Example

MyCryptographicAlgorithm extends MessageDigest {
  ...
}

See