---
title: Use Approved Cryptographic Algorithms
impact: CRITICAL
impactDescription: ensures data is protected by strong, vetted encryption
tags: security, cryptography, encryption, standards
---

## Use Approved Cryptographic Algorithms

Avoid custom or weak cryptographic algorithms. Fast general-purpose hashes such as MD5 and SHA-1 are unsuitable for password storage, and home-grown ciphers have not been vetted. Use industry standards: AES-256 (in an authenticated mode such as GCM) for encryption and BCrypt, a deliberately slow, salted hash, for password hashing.

**Incorrect (weak or custom crypto):**

```ruby
require 'digest'

# MD5 is insecure for password hashing: fast, unsalted and trivially brute-forced
digest = Digest::MD5.hexdigest(password)
```

**Correct (industry standards):**

```ruby
require 'bcrypt'
require 'active_support'

# For passwords: bcrypt salts and stretches the hash; verify with ==, never by string comparison
password_digest = BCrypt::Password.create(password)
BCrypt::Password.new(password_digest) == password # => true only for the right password

# For symmetric encryption (Rails MessageEncryptor uses AES-256-GCM by default)
# key must be ActiveSupport::MessageEncryptor.key_len bytes (32 for AES-256-GCM),
# loaded from credentials rather than hard-coded
crypt = ActiveSupport::MessageEncryptor.new(key)
encrypted_data = crypt.encrypt_and_sign(data)
data == crypt.decrypt_and_verify(encrypted_data) # tampering raises InvalidMessage
```
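The `MessageEncryptor` call above wraps exactly this construction. As an added example (not part of the original rule), here is the AES-256-GCM round trip written against Ruby's standard OpenSSL binding so it runs without Rails; the `ApprovedCrypto` module name and the `iv || tag || ciphertext` layout are this example's own choices.

```ruby
require 'openssl'

# AES-256-GCM round trip with Ruby's standard OpenSSL binding: a fresh random
# IV per message, the GCM authentication tag stored beside the ciphertext, and
# decryption that refuses anything whose tag no longer verifies.
module ApprovedCrypto
  CIPHER  = 'aes-256-gcm'
  KEY_LEN = 32  # AES-256 key size; ActiveSupport::MessageEncryptor.key_len for this cipher
  IV_LEN  = 12  # 96-bit nonce, the size OpenSSL uses for GCM by default
  TAG_LEN = 16  # full-length authentication tag

  # Returns iv || tag || ciphertext as one binary string (layout chosen for this example).
  def self.encrypt(key, plaintext)
    raise ArgumentError, "key must be #{KEY_LEN} bytes" unless key.bytesize == KEY_LEN
    cipher = OpenSSL::Cipher.new(CIPHER).encrypt
    cipher.key = key
    iv = cipher.random_iv   # never reuse an IV under the same key
    cipher.auth_data = ''   # no additional authenticated data in this example
    # OpenSSL::Cipher#update rejects empty input, so handle an empty message explicitly
    body = plaintext.empty? ? cipher.final : cipher.update(plaintext) + cipher.final
    iv + cipher.auth_tag(TAG_LEN) + body
  end

  # Returns the plaintext, or nil when the key, IV, tag or ciphertext has been altered.
  def self.decrypt(key, blob)
    raise ArgumentError, "key must be #{KEY_LEN} bytes" unless key.bytesize == KEY_LEN
    return nil if blob.bytesize < IV_LEN + TAG_LEN
    iv   = blob.byteslice(0, IV_LEN)
    tag  = blob.byteslice(IV_LEN, TAG_LEN)
    body = blob.byteslice(IV_LEN + TAG_LEN, blob.bytesize - IV_LEN - TAG_LEN)
    decipher = OpenSSL::Cipher.new(CIPHER).decrypt
    decipher.key = key
    decipher.iv = iv
    decipher.auth_tag = tag
    decipher.auth_data = ''
    body.empty? ? decipher.final : decipher.update(body) + decipher.final
  rescue OpenSSL::Cipher::CipherError
    nil  # tag check failed: treat as tampering, never return partial plaintext
  end

  # Flips one bit in the last byte of a blob, simulating in-transit modification.
  def self.tamper(blob)
    bytes = blob.b
    last = bytes.bytesize - 1
    bytes.setbyte(last, bytes.getbyte(last) ^ 0x01)
    bytes
  end
end
```

Because GCM authenticates as well as encrypts, a single modified bit makes `decrypt` return `nil` rather than corrupted plaintext, which is the guarantee `encrypt_and_sign` / `decrypt_and_verify` give you in Rails.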

**Tools:** Brakeman, Manual Review

---
