Our penetration team has raised the point below:
Cryptographic hash algorithms such as MD2, MD4, MD5, MD6, HAVAL-128, HMAC-MD5, DSA (which uses SHA-1), RIPEMD, RIPEMD-128, RIPEMD-160, HMACRIPEMD160 and SHA-1 are no longer considered secure, because it is possible to have collisions (little computational effort is enough to find two or more different inputs that produce the same hash).
Using weak hashing algorithms could result in sensitive data exposure, key leakage, broken authentication, insecure sessions, and spoofing attacks.
Recommendations:
It is recommended to use safer/stronger hashing alternatives, such as SHA-256, SHA-512, SHA-3, etc.
They found this SHA-1 reference in the Android “SecureHashUtil” file, and we are unable to find a solution to resolve this. Need help.
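One way to locate requests for the algorithms named in the finding across Java/Kotlin sources and pair each with a stronger name, shown as an added example that is not part of the original post. It assumes the algorithm is requested through the standard `getInstance` calls with a string literal; `ExampleHashUtil` and its contents are constructed, since the real `SecureHashUtil` file is not shown on the page.

```python
import re

# Algorithms listed in the finding, normalised (upper-case, separators removed).
WEAK = {"MD2", "MD4", "MD5", "MD6", "HAVAL128", "HMACMD5", "RIPEMD",
        "RIPEMD128", "RIPEMD160", "HMACRIPEMD160", "SHA1"}

# Only string literals are matched; names held in constants need a manual look.
CALL = re.compile(r'\b(MessageDigest|Mac|Signature)\s*\.\s*getInstance\s*\(\s*"([^"]+)"')

def is_weak(name):
    n = re.sub(r"[-_/ ]", "", name).upper()
    digest = n.split("WITH", 1)[0]          # "SHA1withDSA" -> "SHA1"
    return n in WEAK or digest in WEAK

def suggest(api, alg):
    """Stronger name in line with the recommendation (SHA-256 family)."""
    if api == "Mac":
        return "HmacSHA256"
    if api == "Signature":
        parts = re.split("with", alg, maxsplit=1, flags=re.I)
        return "SHA256with" + parts[1] if len(parts) == 2 else "SHA-256 based signature"
    return "SHA-256"

def scan(source, path="<memory>"):
    """Return (path, line, api, algorithm, suggestion) for each weak request."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        if line.lstrip().startswith(("//", "*")):   # skip comment lines
            continue
        for api, alg in CALL.findall(line):
            if is_weak(alg):
                findings.append((path, lineno, api, alg, suggest(api, alg)))
    return findings

# Constructed sample source (hypothetical class, not the real file).
SAMPLE = '''\
public final class ExampleHashUtil {
    static byte[] sha1(byte[] in) throws Exception {
        return MessageDigest.getInstance("SHA-1").digest(in);
    }
    static byte[] sha256(byte[] in) throws Exception {
        return MessageDigest.getInstance("SHA-256").digest(in);
    }
    static Mac mac() throws Exception { return Mac.getInstance("HmacMD5"); }
    static Signature sig() throws Exception { return Signature.getInstance("SHA1withDSA"); }
}
'''

if __name__ == "__main__":
    for f in scan(SAMPLE, "ExampleHashUtil.java"):
        print("%s:%d %s uses %s, consider %s" % f)
```

Changing the algorithm changes both the value and the length of every digest, so anything stored or compared against an old SHA-1 output has to be regenerated or migrated along with the code change.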