weak-password-hashing-anti-pattern

Weak Password Hashing Anti-Pattern

Severity: High

Summary

Applications use fast general-purpose hash functions (MD5, SHA-1, SHA-256) without salting for password storage, enabling rapid cracking via rainbow tables or GPU-accelerated brute force (billions of hashes per second). The result is mass account compromise and credential stuffing attacks.

The Anti-Pattern

The anti-pattern is using cryptographic hash functions that are too fast or that lack essential features such as salting and adjustable work factors, which leaves the stored password hashes vulnerable to offline attacks.

BAD Code Example

# VULNERABLE: Using MD5 for password hashing.
import hashlib

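def hash_password_md5(password):
    # MD5 is fast and used here without a salt: equal passwords always yield equal hashes.
    return hashlib.md5(password.encode("utf-8")).hexdigest()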
First Seen
Jan 20, 2026