Young hacker smiling

Zero false positives

Expert intelligence + effective automation

REQ.150 Set minimum size for hash functions

This document contains the details of the security requirements related to the definition and management of cryptographic systems. This requirement establishes the importance of protecting encrypted sensitive information by setting a minimum size for all hash functions in the system.


Hash functions must be used with a minimum size of 256 bits.


  1. OWASP-ASVS v3.1-1.12 There is an explicit policy for how cryptographic keys (if any) are managed, and the lifecycle of cryptographic keys is enforced. Ideally, follow a key management standard such as NIST SP 800-57.

Service status - Terms of Use