Click to see the query in the CodeQL repository
Hash functions that are not sufficiently computationally hard can leave data vulnerable. You should not use such functions for password hashing.
A strong cryptographic hash function should be resistant to:
Pre-image attacks. If you know a hash value h(x), you should not be able to easily find the input x.
Collision attacks. If you know a hash value h(x), you should not be able to easily find a different input y with the same hash value h(x) = h(y).
Brute force. If you know a hash value h(x), you should not be able to find an input y that computes to that hash value using brute force attacks without significant computational effort. All of MD5, SHA-1, SHA-2 and SHA-3 are weak against offline brute forcing, since they are not sufficiently computationally hard. This includes SHA-224, SHA-256, SHA-384 and SHA-512, which are in the SHA-2 family.
Password hashing algorithms should be slow and/or memory intensive to compute, to make brute force attacks more difficult.
For password storage, you should use a sufficiently computationally hard cryptographic hash function, such as one of the following:
Argon2
scrypt
bcrypt
PBKDF2
The following examples show two versions of the same function. In both cases, a password is hashed using a cryptographic hashing algorithm. In the first case, the SHA-512 hashing algorithm is used. It is vulnerable to offline brute force attacks:
Here is the same function using Argon2, which is suitable for password hashing:
OWASP: Password Storage Cheat Sheet
GitHub: CryptoSwift README - Password-Based Key Derivation Function
libsodium: libsodium bindings for other languages
GitHub: Argon2Swift
Common Weakness Enumeration: CWE-327.
Common Weakness Enumeration: CWE-328.
Common Weakness Enumeration: CWE-916.