---
title: Use Only Approved Cryptographic Algorithms
impact: HIGH
impactDescription: prevents use of broken cryptography
tags: cryptography, crypto, hashing, encryption, security, csharp
---

## Use Only Approved Cryptographic Algorithms

Obsolete algorithms (MD5, SHA1, DES) are vulnerable to collision and pre-image attacks.

**Incorrect (broken algorithms):**

```csharp
using System.Security.Cryptography;

// MD5 is broken
var md5 = MD5.Create(); 
// SHA1 is broken
var sha1 = SHA1.Create(); 
// DES is broken
var des = DES.Create();
```

**Correct (strong algorithms):**

```csharp
using System.Security.Cryptography;

// SHA-256 or higher for hashing
using var sha256 = SHA256.Create();

// AES for encryption (GCM recommended)
using var aes = Aes.Create();
aes.KeySize = 256;
// CBC encrypts but does not authenticate; for GCM, use the AesGcm class instead
aes.Mode = CipherMode.CBC;
```
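
The GCM option mentioned above, as an added example that is not part of the original rule: a minimal AES-256-GCM seal/open pair built on the `AesGcm` class. The `AeadBox`, `Seal` and `Open` names and the `nonce || tag || ciphertext` layout are assumptions made for illustration, and the two-argument `AesGcm` constructor assumes .NET 8 or later.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example; AeadBox, Seal, Open and the message layout are hypothetical names/choices.
// Demo with constructed sample input: a random 256-bit key and a short message.
byte[] key = RandomNumberGenerator.GetBytes(32);
byte[] box = AeadBox.Seal(key, Encoding.UTF8.GetBytes("constructed sample message"));
Console.WriteLine(Encoding.UTF8.GetString(AeadBox.Open(key, box)));

box[^1] ^= 0x01; // flip one ciphertext bit: decryption must fail, not return garbage
try { AeadBox.Open(key, box); }
catch (CryptographicException) { Console.WriteLine("tampering detected"); }

public static class AeadBox
{
    private const int NonceSize = 12; // equals AesGcm.NonceByteSizes.MaxSize
    private const int TagSize = 16;   // equals AesGcm.TagByteSizes.MaxSize

    // Returns nonce || tag || ciphertext; aad is authenticated but not encrypted.
    public static byte[] Seal(byte[] key, byte[] plaintext, byte[]? aad = null)
    {
        var output = new byte[NonceSize + TagSize + plaintext.Length];
        var nonce = output.AsSpan(0, NonceSize);
        var tag = output.AsSpan(NonceSize, TagSize);
        var ciphertext = output.AsSpan(NonceSize + TagSize);

        // A nonce must never repeat under the same key; draw a fresh random one per message.
        RandomNumberGenerator.Fill(nonce);
        using var gcm = new AesGcm(key, TagSize);
        gcm.Encrypt(nonce, plaintext, ciphertext, tag, aad);
        return output;
    }

    public static byte[] Open(byte[] key, byte[] message, byte[]? aad = null)
    {
        if (message.Length < NonceSize + TagSize)
            throw new CryptographicException("Message too short.");

        var plaintext = new byte[message.Length - NonceSize - TagSize];
        using var gcm = new AesGcm(key, TagSize);
        // Throws CryptographicException if the key, nonce, ciphertext, tag or aad do not match.
        gcm.Decrypt(message.AsSpan(0, NonceSize), message.AsSpan(NonceSize + TagSize),
                    message.AsSpan(NonceSize, TagSize), plaintext, aad);
        return plaintext;
    }
}
```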

**Tools:** Roslyn Analyzers (CA5350, CA5351), SonarQube
