6 "crypto/rand"
7
8 // nolint:gosec // we don't use this hash in a sensitive capacity, so we don't care that its weak
9 "crypto/sha1"10 "crypto/sha256"
11 "encoding/base64"
12 "encoding/hex"
Detects imports of crypto/sha1
since they are considered vulnerable.
Go's official documentation also warns against the usage of SHA1.
Most common alternative for the insecure algorithm:
Although, we recommend doing some initial research before using any encryption/hashing algorithm to determine which is best for your use case.
Refer to https://en.wikipedia.org/wiki/SHA-1#Attacks to understand the vulnerability in detail.
package main
import (
"crypto/sha1"
"fmt"
"os"
)
func main() {
for _, arg := range os.Args {
fmt.Printf("%x - %s
", sha1.Sum([]byte(arg)), arg)
}
}