Update Cryptographic Language (e.g. "weak")

Document/0x04b-Mobile-App-Security-Testing.md

@@ -139,7 +139,7 @@ When developing a mobile application, it's crucial to accurately identify and ha
 
 Properly distinguishing security-relevant contexts helps in minimizing false positives during security testing. False positives can divert attention from real issues and waste valuable resources. Here are some common scenarios:
 
-- **Random Number Generation**: Using weak random number generators can be a serious security flaw in contexts like authentication or encryption key generation. However, not all uses of random numbers are security-sensitive. For instance, using a less robust random number generator for non-security purposes like shuffling a list of items in a game is generally acceptable.
+- **Random Number Generation**: Using predictable random number generators can be a serious security flaw in contexts like authentication or encryption key generation. However, not all uses of random numbers are security-sensitive. For instance, using a less robust random number generator for non-security purposes like shuffling a list of items in a game is generally acceptable.
 
 - **Hashing**: Hashing is often used in security for storing passwords or ensuring data integrity. However, hashing a non-sensitive value, like a device's screen resolution for analytics, isn't a security concern.
 

Document/0x05d-Testing-Data-Storage.md

@@ -542,7 +542,7 @@ Deriving a key from a user provided passphrase is a common solution (depending o
 
 Each time the application needs to perform a cryptographic operation, the user's passphrase is needed. Either the user is prompted for it every time, which isn't an ideal user experience, or the passphrase is kept in memory as long as the user is authenticated. Keeping the passphrase in memory is not a best-practice, as any cryptographic material must only be kept in memory while it is being used. Zeroing out a key is often a very challenging task as explained in ["Cleaning out Key Material"](#cleaning-out-key-material).
 
-Additionally, consider that keys derived from a passphrase have their own weaknesses. For instance, the passwords or passphrases might be reused by the user or easy to guess. Please refer to the [Testing Cryptography chapter](0x04g-Testing-Cryptography.md#weak-key-generation-functions) for more information.
+Additionally, consider that keys derived from a passphrase have their own weaknesses. For instance, the passwords or passphrases might be reused by the user or easy to guess. Please refer to the [Testing Cryptography chapter](0x04g-Testing-Cryptography.md#improper-key-derivation-functions) for more information.
 
 #### Cleaning out Key Material
 

Document/0x05e-Testing-Cryptography.md

@@ -103,7 +103,7 @@ Keeping up-to-date and patched component is one of security principles. The same
 
 #### Older Android versions
 
-For some applications that support older versions of Android (e.g.: only used versions lower than Android 7.0 (API level 24)), bundling an up-to-date library may be the only option. Conscrypt library is a good choice in this situation to keep the cryptography consistent across the different API levels and avoid having to import [Bouncy Castle](https://www.bouncycastle.org/java.html "Bouncy Castle in Java") which is a heavier library.
+For some applications that support older versions of Android (e.g.: only used versions lower than Android 7.0 (API level 24)), bundling an up-to-date library may be the only option. Conscrypt library is a good choice in this situation to keep the cryptography consistent across the different API levels and avoid having to import [Bouncy Castle](https://www.bouncycastle.org/documentation/documentation-java/ "Bouncy Castle in Java") which is a heavier library.
 
 [Conscrypt for Android](https://github.com/google/conscrypt#android "Conscrypt - A Java Security Provider") can be imported this way:
 
@@ -210,7 +210,7 @@ KeyPair keyPair = keyPairGenerator.generateKeyPair();
 
 This sample creates the RSA key pair with a key size of 4096-bit (i.e. modulus size). Elliptic Curve (EC) keys can also be generated in a similar way. However as of Android 11 (API level 30), [AndroidKeyStore does not support encryption or decryption with EC keys](https://developer.android.com/guide/topics/security/cryptography#SupportedCipher). They can only be used for signatures.
 
-A symmetric encryption key can be generated from the passphrase by using the Password Based Key Derivation Function version 2 (PBKDF2). This cryptographic protocol is designed to generate cryptographic keys, which can be used for cryptography purpose. Input parameters for the algorithm are adjusted according to [weak key generation function](0x04g-Testing-Cryptography.md#weak-key-generation-functions) section. The code listing below illustrates how to generate a strong encryption key based on a password.
+A symmetric encryption key can be generated from the passphrase by using the Password Based Key Derivation Function version 2 (PBKDF2). This cryptographic protocol is designed to generate cryptographic keys, which can be used for cryptography purpose. Input parameters for the algorithm are adjusted according to [improper key generation function](0x04g-Testing-Cryptography.md#improper-key-derivation-functions) section. The code listing below illustrates how to generate a strong encryption key based on a password.
 
 ```java
 public static SecretKey generateStrongAESKey(char[] password, int keyLength)

Document/0x08c-Glossary.md

@@ -0,0 +1,34 @@
+---
+hide: toc
+title: Glossary
+---
+
+## Cryptographic Terms
+
+### Broken
+
+The meaning depends on the context.
+
+A "broken" cryptographic hash algorithm is a function that is denounced as "broken" because a collision attack exist that is faster to execute then a birthday attack ([Wikipedia, "2025.02.19"](https://en.wikipedia.org/wiki/Collision_attack "Collision attack")).
+
+An encryption mode of operation is "broken" if it, when implemented correctly, still faces the risk from known attacks that can "break" the confidentiality of the encrypted data.
+
+### Deprecated
+
+When mentioned as a cryptographic term it means a mode of operation, algorithm or cryptographic function that no longer is recommended to be used for certain cryptographic operations. The function may still be recommended for certain cryptographic operations even when deprecated.
+
+### Improper
+
+Used as a catch-all term to cover security behaviors that are either "Missing" or "Insufficient/Incorrect."
+
+### Insufficient
+
+According to MITRE. A general term used to describe when a security property or behavior can vary in strength on a continuous or sliding scale, instead of a discrete scale. The continuous scale may vary depending on the context and risk tolerance. For example, the requirements for randomness may vary between a random selection for a greeting message versus the generation of a military-strength key. On the other hand, a weakness that allows a buffer overflow is always incorrect - there is not a sliding scale that varies across contexts ([MITRE, "2024.07.07"](https://cwe.mitre.org/documents/glossary/index.html#Insufficient "Glossary")).
+
+### Risky
+
+A "risky" cryptographic hash algorithm is an algorithm without any known attacks, but that is insufficient when used under certain circumstances and because of that cary with it the risk of being compromised by an attack when used in the wrong context or for wrong purposes. The same can be considered for a "risky" encryption mode of operation.
+
+### Strength
+
+According to NIST. A number associated with the amount of work (that is, the number of operations) that is required to break a cryptographic algorithm or system. If 2N execution operations of the algorithm (or system) are required to break the cryptographic algorithm, then the security strength is N bits ([NIST, security strength](https://csrc.nist.gov/glossary/term/security_strength "security strength")).

demos/android/MASVS-CRYPTO/MASTG-DEMO-0012/MASTG-DEMO-0012.md

@@ -1,6 +1,6 @@
 ---
 platform: android
-title: Weak Cryptographic Key Generation
+title: Cryptographic Key Generation With Insufficient Key Length
 code: [java]
 id: MASTG-DEMO-0012
 test: MASTG-TEST-0208
@@ -14,7 +14,7 @@ test: MASTG-TEST-0208
 
 Let's run our @MASTG-TOOL-0110 rule against the sample code.
 
-{{ ../../../../rules/mastg-android-weak-key-generation.yml }}
+{{ ../../../../rules/mastg-android-key-generation-with-insufficient-key-length.yml }}
 
 {{ run.sh }}
 
@@ -26,4 +26,4 @@ The rule has identified some instances in the code file where cryptographic keys
 
 ### Evaluation
 
-The test fails because the key size of the RSA key is set to `1024` bits, and the size of the AES key is set to `128`, which is considered weak in both cases.
+The test fails because the key size of the RSA key is set to `1024` bits, and the size of the AES key is set to `128`, which is considered insufficient in both cases.

demos/android/MASVS-CRYPTO/MASTG-DEMO-0012/output.txt

@@ -5,7 +5,7 @@
 └─────────────────┘
 
     MastgTest_reversed.java
-    ❯❱ weak_key_size
+    ❯❱ insufficient_key_size
           Cryptographic implementations with insufficient key length are being used.
 
            27┆ KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");

demos/android/MASVS-CRYPTO/MASTG-DEMO-0012/run.sh

@@ -1 +1 @@
-NO_COLOR=true semgrep -c ../../../../rules/mastg-android-weak-key-generation.yml ./MastgTest_reversed.java --text -o output.txt
+NO_COLOR=true semgrep -c ../../../../rules/mastg-android-key-generation-with-insufficient-key-length.yml ./MastgTest_reversed.java --text -o output.txt

demos/android/MASVS-CRYPTO/MASTG-DEMO-0022/MASTG-DEMO-0022.md

@@ -1,6 +1,6 @@
 ---
 platform: android
-title: Uses of Insecure Symmetric Encryption Algorithms in Cipher with semgrep
+title: Uses of Deprecated, Risky or Broken Symmetric Encryption Algorithms in Cipher with semgrep
 id: MASTG-DEMO-0022
 code: [kotlin]
 test: MASTG-TEST-0221
@@ -16,18 +16,18 @@ The code snippet below shows sample code contains use of insecure encryption alg
 
 Let's run our @MASTG-TOOL-0110 rule against the sample code.
 
-{{ ../../../../rules/mastg-android-weak-encryption-algorithms.yaml }}
+{{ ../../../../rules/mastg-android-risky-encryption-algorithms.yaml }}
 
 {{ run.sh }}
 
 ### Observation
 
-The rule has identified two instances in the code file where insecure encryption algorithms are used. The specified line numbers can be located in the reverse-engineered code for further investigation and remediation.
+The rule has identified two instances in the code file where deprecated, risky or broken encryption algorithms are used. The specified line numbers can be located in the reverse-engineered code for further investigation and remediation.
 
 {{ output.txt }}
 
 ### Evaluation
 
-The test fails due to the use of weak encryption algorithms, specifically DES, 3DES, RC4 and Blowfish.
+The test fails due to the use of deprecated, risky or broken encryption algorithms, specifically DES, 3DES, RC4 and Blowfish.
 
 See @MASTG-TEST-0221 for more information.

demos/android/MASVS-CRYPTO/MASTG-DEMO-0022/MastgTest.kt

@@ -13,17 +13,17 @@ import javax.crypto.SecretKey
 
 class MastgTest(private val context: Context) {
 
-    // Vulnerable encryption using DES (weak algorithm)
+    // Vulnerable encryption using DES (broken algorithm)
     fun vulnerableDesEncryption(data: String): String {
         try {
-            // Weak key for DES
+            // insufficient key for DES
             val keyBytes = ByteArray(8)
             SecureRandom().nextBytes(keyBytes)
             val keySpec = DESKeySpec(keyBytes)
             val keyFactory = SecretKeyFactory.getInstance("DES")
             val secretKey: Key = keyFactory.generateSecret(keySpec)
 
-            // Weak encryption algorithm (DES)
+            // Risky encryption algorithm (DES)
             val cipher = Cipher.getInstance("DES")
             cipher.init(Cipher.ENCRYPT_MODE, secretKey)
 
@@ -44,7 +44,7 @@ class MastgTest(private val context: Context) {
             val keyFactory = SecretKeyFactory.getInstance("DESede")
             val secretKey: Key = keyFactory.generateSecret(keySpec)
 
-            // Weak encryption algorithm (3DES)
+            // Risky encryption algorithm (3DES)
             val cipher = Cipher.getInstance("DESede")
             cipher.init(Cipher.ENCRYPT_MODE, secretKey)
 
@@ -72,15 +72,15 @@ class MastgTest(private val context: Context) {
         }
     }
 
-    // Insecure encryption using Blowfish (weak algorithm)
+    // Risky encryption using Blowfish (weak algorithm)
     fun vulnerableBlowfishEncryption(data: String): String {
         return try {
-            // Weak key for Blowfish (insecure, small key size)
+            // insufficient key for Blowfish (risky, small key size)
             val keyBytes = ByteArray(8) // Only 8 bytes (64-bit key) - not secure
             SecureRandom().nextBytes(keyBytes)
             val secretKey: SecretKey = SecretKeySpec(keyBytes, "Blowfish")
 
-            // Weak encryption algorithm (Blowfish)
+            // Risky encryption algorithm (Blowfish)
             val cipher = Cipher.getInstance("Blowfish")
             cipher.init(Cipher.ENCRYPT_MODE, secretKey)
 
@@ -95,16 +95,16 @@ class MastgTest(private val context: Context) {
     fun mastgTest(): String {
         val sensitiveString = "Hello from the OWASP MASTG Test app."
 
-        // Encrypt with weak DES
+        // Encrypt with broken DES
         val desEncryptedString = vulnerableDesEncryption(sensitiveString)
 
-        // Encrypt with weak 3DES
+        // Encrypt with risky 3DES
         val tripleDesEncryptedString = vulnerable3DesEncryption(sensitiveString)
 
         // Encrypt with deprecated RC4
         val rc4EncryptedString = vulnerableRc4Encryption(sensitiveString)
 
-        // Encrypt with weak Blowfish
+        // Encrypt with risky Blowfish
         val blowfishEncryptedString = vulnerableBlowfishEncryption(sensitiveString)
 
         // Returning the encrypted results

demos/android/MASVS-CRYPTO/MASTG-DEMO-0022/output.txt

@@ -5,8 +5,8 @@
 └─────────────────┘
 
     MastgTest_reversed.java
-    ❯❱ rules.weak-encryption-algorithms
-          [MASVS-CRYPTO-1] Weak encryption algorithms found in use.
+    ❯❱ rules.risky-encryption-algorithms
+          [MASVS-CRYPTO-1] Deprecated, risky or broken encryption algorithms found in use.
 
            39┆ Cipher cipher = Cipher.getInstance("DES");
             ⋮┆----------------------------------------
@@ -15,4 +15,3 @@
            81┆ Cipher cipher = Cipher.getInstance("RC4");
             ⋮┆----------------------------------------
           100┆ Cipher cipher = Cipher.getInstance("Blowfish");
-

demos/android/MASVS-CRYPTO/MASTG-DEMO-0022/run.sh

@@ -1 +1 @@
-NO_COLOR=true semgrep -c ../../../../rules/mastg-android-weak-encryption-algorithms.yaml ./MastgTest_reversed.java --text > output.txt
+NO_COLOR=true semgrep -c ../../../../rules/mastg-android-risky-encryption-algorithms.yaml ./MastgTest_reversed.java --text > output.txt

demos/android/MASVS-CRYPTO/MASTG-DEMO-0023/MASTG-DEMO-0023.md

@@ -1,28 +1,28 @@
 ---
 platform: android
-title: Uses of Insecure Encryption Modes in Cipher with semgrep
+title: Uses of Risky or Broken Encryption Modes in Cipher with semgrep
 id: MASTG-DEMO-0023
 code: [kotlin]
 test: MASTG-TEST-0232
 ---
 
 ### Sample
 
-The code snippet below shows sample code contains use of insecure encryption modes.
+The code snippet below shows sample code contains use of risky or broken encryption modes.
 
 {{ MastgTest.kt # MastgTest_reversed.java }}
 
 ### Steps
 
 Let's run our @MASTG-TOOL-0110 rule against the sample code.
 
-{{ ../../../../rules/mastg-android-weak-encryption-modes.yaml }}
+{{ ../../../../rules/mastg-android-risky-encryption-modes.yaml }}
 
 {{ run.sh }}
 
 ### Observation
 
-The rule has identified six instances in the code file where insecure encryption modes are used. The specified line numbers can be located in the reverse-engineered code for further investigation and remediation.
+The rule has identified six instances in the code file where risky or broken encryption modes are used. The specified line numbers can be located in the reverse-engineered code for further investigation and remediation.
 
 {{ output.txt }}
 

demos/android/MASVS-CRYPTO/MASTG-DEMO-0023/output.txt

@@ -5,8 +5,8 @@
 └─────────────────┘
 
     MastgTest_reversed.java
-    ❯❱ rules.weak-encryption-modes
-          [MASVS-CRYPTO-1] Weak encryption modes found in use.
+    ❯❱ rules.risky-encryption-modes
+          [MASVS-CRYPTO-1] Risky or broken encryption modes found in use.
 
            36┆ Cipher cipher = Cipher.getInstance("AES");
             ⋮┆----------------------------------------
@@ -19,4 +19,3 @@
           118┆ Cipher cipher = Cipher.getInstance("DES/ECB/PKCS5Padding");
             ⋮┆----------------------------------------
           141┆ Cipher cipher = Cipher.getInstance("DESede/ECB/PKCS5Padding");
-

demos/android/MASVS-CRYPTO/MASTG-DEMO-0023/run.sh

@@ -1 +1 @@
-NO_COLOR=true semgrep -c ../../../../rules/mastg-android-weak-encryption-modes.yaml ./MastgTest_reversed.java --text > output.txt
+NO_COLOR=true semgrep -c ../../../../rules/mastg-android-risky-encryption-modes.yaml ./MastgTest_reversed.java --text > output.txt

demos/ios/MASVS-CRYPTO/MASTG-DEMO-0011/MASTG-DEMO-0011.md

@@ -1,6 +1,6 @@
 ---
 platform: ios
-title: Uses of Weak Key Size in SecKeyCreateRandomKey with r2
+title: Uses of Insufficient Key Size in SecKeyCreateRandomKey with r2
 code: [swift]
 id: MASTG-DEMO-0011
 test: MASTG-TEST-0209
@@ -37,4 +37,4 @@ In the output we can see how the `kSecAttrKeySizeInBits` attribute is set to `10
 
 {{ evaluation.txt }}
 
-The test fails because the key size is set to `1024` bits, which is considered weak for RSA encryption. The key size should be increased to `2048` bits or higher to provide adequate security against modern cryptographic attacks.
+The test fails because the key size is set to `1024` bits, which is considered insufficient for RSA encryption. The key size should be increased to `2048` bits or higher to provide adequate security against modern cryptographic attacks.

demos/ios/MASVS-CRYPTO/MASTG-DEMO-0015/MASTG-DEMO-0015.md

@@ -1,6 +1,6 @@
 ---
 platform: ios
-title: Uses of Insecure Hashing Algorithms in CommonCrypto with r2
+title: Uses of Risky or Broken Hashing Algorithms in CommonCrypto with r2
 code: [swift]
 id: MASTG-DEMO-0015
 test: MASTG-TEST-0211

demos/ios/MASVS-CRYPTO/MASTG-DEMO-0016/MASTG-DEMO-0016.md

@@ -1,6 +1,6 @@
 ---
 platform: ios
-title: Uses of Insecure Hashing Algorithms in CryptoKit with r2
+title: Uses of Risky or Broken Hashing Algorithms in CryptoKit with r2
 code: [swift]
 id: MASTG-DEMO-0016
 test: MASTG-TEST-0211

demos/ios/MASVS-CRYPTO/MASTG-DEMO-0018/MASTG-DEMO-0018.md

@@ -1,6 +1,6 @@
 ---
 platform: ios
-title: Uses of Insecure Encryption Algorithms in CommonCrypto with r2
+title: Uses of Deprecated, Risky or Broken Encryption Algorithms in CommonCrypto with r2
 code: [swift]
 id: MASTG-DEMO-0018
 test: MASTG-TEST-0210

docs/news/posts/2024-07-30-new-maswe.md

@@ -41,7 +41,7 @@ Now MASVS, MASWE and MASTG are all seamlessly connected. We start with the high-
 1. **MASVS Controls**: High-level platform-agnostic requirements.
    > For example, "The app employs current cryptography and uses it according to best practices." ([MASVS-CRYPTO-1](https://mas.owasp.org/MASVS/controls/MASVS-CRYPTO-1/)).
 2. **MASWE Weaknesses**: Specific weaknesses, typically also platform-agnostic, related to the controls.
-   > For example, "use of weak pseudo-random number generation" ([MASWE-0027](https://mas.owasp.org/MASWE/MASVS-CRYPTO/MASWE-0027/)).
+   > For example, "use of predictable pseudo-random number generation" ([MASWE-0027](https://mas.owasp.org/MASWE/MASVS-CRYPTO/MASWE-0027/)).
 3. **MASTG Tests**: Each weakness is evaluated by executing tests that guide the tester in identifying and mitigating the issues using various tools and techniques on each mobile platform.
    > For example, testing for "insecure random API usage on Android" ([MASTG-TEST-0204](https://mas.owasp.org/MASTG/tests-beta/android/MASVS-CRYPTO/MASTG-TEST-0204/)).
 4. **MASTG Demos**: Practical demonstrations that include working code samples and test scripts to ensure reproducibility and reliability.