SRI uses SHA-384 or stronger
Why it matters
Subresource Integrity hashes cryptographically verify that a resource loaded from a CDN has not been tampered with. SHA-256 is technically valid but weaker than the W3C-recommended minimum of SHA-384 — collision attacks on SHA-256 are within the theoretical reach of well-resourced adversaries, and the W3C explicitly recommends SHA-384 for SRI. CWE-345 (Insufficient Verification of Data Authenticity) and CWE-494 (Download of Code Without Integrity Check) both apply when hash strength is below recommended minimums. OWASP A08 (Software and Data Integrity Failures) flags weak or absent integrity verification as a supply chain risk.
Severity rationale
Medium because SHA-256-only SRI hashes are technically valid but below the W3C recommended strength floor, creating a marginal but unnecessary gap in supply chain integrity verification.
Remediation
Upgrade all SRI hashes from SHA-256 to SHA-384. Regenerate hashes using OpenSSL or a trusted SRI hash generator.
    <!-- Before: SHA-256 only (below W3C recommended minimum) -->
    <script src="https://cdn.example.com/lib.js"
            integrity="sha256-abc123..."
            crossorigin="anonymous"></script>
    <!-- After: SHA-384 (W3C recommended minimum) -->
    <script src="https://cdn.example.com/lib.js"
            integrity="sha384-xyz789..."
            crossorigin="anonymous"></script>
Generate SHA-384 hashes:

    openssl dgst -sha384 -binary lib.js | openssl base64 -A

You can also specify both algorithms (sha384-... sha512-...) for belt-and-suspenders verification — the browser uses the strongest supported hash.
Detection
- ID: sri-strong-hash
- Severity: medium
- What to look for: Search all HTML templates, page components, and layout files for elements with integrity attributes. For each, parse the hash algorithm prefix. SHA-384 is the W3C recommended minimum — SHA-256 is technically valid but weaker. Count all SRI integrity attributes and their hash strengths.
- Pass criteria: 100% of SRI hashes use SHA-384 or SHA-512. Report: "X of Y SRI hashes use SHA-384+."
- Fail criteria: Any SRI integrity attribute uses only SHA-256 without SHA-384 or SHA-512.
- Skip (N/A) when: No external scripts or stylesheets loaded — all resources are first-party or bundled.
- Detail on fail: "X of Y SRI hashes use only SHA-256 — SHA-384 is the W3C recommended minimum" or "External stylesheet integrity uses sha256 only — upgrade to sha384"
- Remediation: Upgrade SRI hashes from SHA-256 to SHA-384 (the W3C recommended minimum):

      <!-- Before: SHA-256 only -->
      <script src="https://cdn.example.com/lib.js"
              integrity="sha256-abc123..."
              crossorigin="anonymous"></script>
      <!-- After: SHA-384 (recommended) -->
      <script src="https://cdn.example.com/lib.js"
              integrity="sha384-xyz789..."
              crossorigin="anonymous"></script>

  Generate SHA-384 hashes:

      openssl dgst -sha384 -binary lib.js | openssl base64 -A
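An added example of the detection pass above, written for this page and not part of the rule's own tooling: it collects every external script and stylesheet from a template, scores each integrity attribute by its strongest hash (a "sha256-... sha384-..." pair counts as 384, since the browser uses the strongest supported algorithm), and applies the skip / pass / fail criteria. The sample template and its digest strings are constructed placeholders; sri_value reproduces what the openssl pipeline produces.

```python
import base64
import hashlib
from html.parser import HTMLParser

SRI_ALGOS = {"sha256": 256, "sha384": 384, "sha512": 512}  # algorithms SRI allows, in bits
MIN_BITS = 384  # the W3C recommended floor this rule enforces

# Constructed sample: sha256-only script (weak), script with sha256+sha384 (stronger wins), sha512 stylesheet.
SAMPLE_HTML = """
<script src="https://cdn.example.com/lib.js" integrity="sha256-AAAA" crossorigin="anonymous"></script>
<script src="https://cdn.example.com/a.js" integrity="sha256-BBBB sha384-CCCC"></script>
<link rel="stylesheet" href="https://cdn.example.com/s.css" integrity="sha512-DDDD">
"""

def sri_value(data: bytes, algo: str = "sha384") -> str:
    """Same digest as `openssl dgst -<algo> -binary f | openssl base64 -A`, with the SRI prefix."""
    return f"{algo}-{base64.b64encode(getattr(hashlib, algo)(data).digest()).decode()}"

def strongest_bits(integrity: str) -> int:
    """Strength of the strongest recognised hash: several space-separated hashes are allowed
    and the browser uses the strongest it supports; unknown prefixes are ignored (score 0)."""
    best = 0
    for token in integrity.split():
        algo, sep, _ = token.partition("-")
        if sep and algo.lower() in SRI_ALGOS:
            best = max(best, SRI_ALGOS[algo.lower()])
    return best

class _Collector(HTMLParser):
    # Collects (tag, url, integrity-or-None) for every external script and stylesheet.
    def __init__(self):
        super().__init__()
        self.found = []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script" and a.get("src"):
            self.found.append((tag, a["src"], a.get("integrity")))
        elif tag == "link" and a.get("href") and "stylesheet" in (a.get("rel") or "").lower():
            self.found.append((tag, a["href"], a.get("integrity")))

def check_sri_strength(html: str) -> dict:
    """Apply the rule: skip with no external subresources, fail if any SRI hash is under 384 bits."""
    p = _Collector()
    p.feed(html)
    with_sri = [r for r in p.found if r[2] is not None]  # a missing attribute is another rule's concern
    weak = [r for r in with_sri if strongest_bits(r[2]) < MIN_BITS]
    strong = len(with_sri) - len(weak)
    status = "skip" if not p.found else "fail" if weak else "pass"
    return {"status": status, "total": len(with_sri), "strong": strong, "weak": weak,
            "detail": f"{strong} of {len(with_sri)} SRI hashes use SHA-384+"}
```

Run over real templates by feeding each file's contents to check_sri_strength and reporting the "weak" entries as the fail detail.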
External references
- cwe · CWE-345 — Insufficient Verification of Data Authenticity
- cwe · CWE-494 — Download of Code Without Integrity Check
- owasp:2021 · A08
Taxons
History
- 2026-04-18·v1.0.0·Initial import from security-headers-ii·automated