risky_crypto_use: | Using a weak hashing algorithm. The RIPEMD, MD2, MD4, MD5, SHA0 and SHA1 cryptographic hashing algorithms are not collision resistant. Furthermore, these algorithms suffer from length extension attacks: without knowing the original unhashed message, an attacker can generate a valid hash for messages that have the original message as a prefix. |
crypto: | 1) Use a strong, well-vetted cryptographic hash function that is currently not known to suffer these weaknesses, such as a SHA-2 family hash like SHA-256. 2) Use a hash-based message authentication code (HMAC) when comparing the output of the hash to a value provided by a user, such as to ensure a value has not been tampered with. 3) Use a password-based key derivation function such as PBKDF2, scrypt, or bcrypt for deriving the key, when the data going into the hash function is a user-provided password or passphrase. |
side_effect_free: | Calling "java.lang.Double.valueOf("9007199254740991.12456")" is only useful for its return value, which is ignored. |
large_shift: | In expression "1 << 53", left shifting by more than 31 bits implicitly performs a modulus operation on the shift amount. The shift amount is 53. |