Skip to main content
powershell/PSAvoidUsingBrokenHashAlgorithms is a PSScriptAnalyzer diagnostic emitted by tally for PowerShell snippets embedded in Dockerfiles.

Description

Avoid using the broken algorithms MD5 or SHA-1.

How

Replace broken algorithms with secure alternatives. MD5 and SHA-1 should be replaced with SHA256, SHA384, SHA512, or other safer algorithms when possible, with MD5 and SHA-1 only being utilized by necessity for backwards compatibility.

Example 1

Problematic code

Correct code

Example 2

Problematic code

Correct code

Source

This rule documentation is adapted from Microsoft’s PSScriptAnalyzer documentation for AvoidUsingBrokenHashAlgorithms, licensed under CC BY 4.0.