Audit required: MD5 cipher algorithm is cryptographically broken GO-S1023

MD5 is cryptographically broken and should not be used for secure applications. It is recommended to use better replacement algorithms instead.

MD5 is widely used as a hash function for producing 128-bit hash value but it suffers from extensive vulnerabilities and it highly recommended to not use MD5.

Bad practice

h := md5.New()
_, _ = io.Copy(h, f)

References

• MD5
• CWE-327
• OWASP A2:2021
• Go: crypto/md5
• Crypto StackExchange: Replacement Algorithms