# Weak Password Hashing Algorithm

- ID: python-weak-password-hashing
- Severity: HIGH
- CWE: CWE-916
- Languages: Python
- Frameworks: django, flask, fastapi

## Description

Detects use of weak password hashing algorithms like MD5 or SHA-1 instead of bcrypt, argon2, or PBKDF2.

## Remediation

Use bcrypt, argon2, or PBKDF2 for password hashing.

```python
import bcrypt

hashed = bcrypt.hashpw(password.encode(), bcrypt.gensalt(rounds=12))
```

Learn more: https://shoulder.dev/learn/python/cwe-916/weak-password-hashing

## Related Rules

- **Weak Password Storage** [HIGH]: