From 0f37ebfb2715793260667fd117227079e6791201 Mon Sep 17 00:00:00 2001 From: Uncle Joe <1244005+sydseter@users.noreply.github.com> Date: Tue, 15 Jul 2025 10:52:57 +0200 Subject: [PATCH 01/18] Fixes https://github.com/OWASP/mastg/issues/2589a --- weaknesses/MASVS-CRYPTO/MASWE-0025.md | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/weaknesses/MASVS-CRYPTO/MASWE-0025.md b/weaknesses/MASVS-CRYPTO/MASWE-0025.md index f1df81e..1f6021f 100644 --- a/weaknesses/MASVS-CRYPTO/MASWE-0025.md +++ b/weaknesses/MASVS-CRYPTO/MASWE-0025.md @@ -1,7 +1,7 @@ --- -title: Improper Generation of Cryptographic Signatures +title: Signatures Created by Deprecated, Risky or Broken Algorithms id: MASWE-0025 -alias: improper-signature-generation +alias: weak-signatures platform: [android, ios] profiles: [L1, L2] mappings: 
@@ -17,7 +17,23 @@ refs: draft: description: The use of algorithms with insufficient strength for signatures such as SHA1withRSA, etc. in a security-sensitive context should be avoided to ensure the integrity and authenticity of the data. topics: null -status: placeholder +status: draft --- +Using deprecated, risky or broken algorithms for the purpose of ensuring accountability and non-reputation through the use of signatures could make it possible for an attacker to execute digital signature forgery and compromise the integrity and authenticity of the data at rest and in transit. +## Impact + +- **Loss of Integrity and authenticity**: Signature forgery may allow the attacker to compromise the integrity and authenticity of the data by signing the data on behalf of another entity. +- **Loss of accountability**: Signature forgery allows for plausible deniability and diminishes accountability. + +## Modes of Introduction + +- **Using a deprecated, risky or broken hashing algorithm**: e.g. MD5 and SHA-1 have been identified to be vulnerable for collision attacks that are faster than a birthday attack. Because of this they are denounced as "broken". +- **Using a insufficiently collision resistant hash**: Choosing a hashing algorithm of insufficient length may result in loss of integrity or confidentiality. + +## Mitigations + +- **Choose collision resistant algorithm**: Choose a signature algorithm that is sufficiently collision resistant like RSA (3072 bits and higher), ECDSA with NIST P-384 or EdDSA with Edwards448. + +- **Choose a signing scheme that make use of algorithms with sufficient bit-lengths**: As our computers gets stronger, previously generated hashes get weaker, therefore, make sure that you can adjust the bit-length length (strength) of the algorithm of your choosing. When signatures are stored at rest, make sure to follow the software industry's long term recommendations (e.g. 
["NIST: Transition to Post-Quantum Cryptography Standards"](https://csrc.nist.gov/pubs/ir/8547/ipd)). From bc64a2dea7c3486503b0fd790a2b2021c237309a Mon Sep 17 00:00:00 2001 From: Uncle Joe <1244005+sydseter@users.noreply.github.com> Date: Tue, 15 Jul 2025 13:42:56 +0200 Subject: [PATCH 02/18] Update weaknesses/MASVS-CRYPTO/MASWE-0025.md Co-authored-by: Carlos Holguera --- weaknesses/MASVS-CRYPTO/MASWE-0025.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/weaknesses/MASVS-CRYPTO/MASWE-0025.md b/weaknesses/MASVS-CRYPTO/MASWE-0025.md index 1f6021f..055c61e 100644 --- a/weaknesses/MASVS-CRYPTO/MASWE-0025.md +++ b/weaknesses/MASVS-CRYPTO/MASWE-0025.md @@ -1,5 +1,5 @@ --- -title: Signatures Created by Deprecated, Risky or Broken Algorithms +title: Improper Generation of Cryptographic Signatures id: MASWE-0025 alias: weak-signatures platform: [android, ios] From 33cf9e93f4423fa8f132149394ccb71166e9eab9 Mon Sep 17 00:00:00 2001 From: Uncle Joe <1244005+sydseter@users.noreply.github.com> Date: Tue, 15 Jul 2025 13:43:03 +0200 Subject: [PATCH 03/18] Update weaknesses/MASVS-CRYPTO/MASWE-0025.md Co-authored-by: Carlos Holguera --- weaknesses/MASVS-CRYPTO/MASWE-0025.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/weaknesses/MASVS-CRYPTO/MASWE-0025.md b/weaknesses/MASVS-CRYPTO/MASWE-0025.md index 055c61e..21c2dcf 100644 --- a/weaknesses/MASVS-CRYPTO/MASWE-0025.md +++ b/weaknesses/MASVS-CRYPTO/MASWE-0025.md @@ -1,7 +1,7 @@ --- title: Improper Generation of Cryptographic Signatures id: MASWE-0025 -alias: weak-signatures +alias: improper-signature-generation platform: [android, ios] profiles: [L1, L2] mappings: From d2be5f925053e765c77cfc93b165c85dec52db1b Mon Sep 17 00:00:00 2001 
From: Uncle Joe <1244005+sydseter@users.noreply.github.com> Date: Tue, 15 Jul 2025 13:43:13 +0200 Subject: [PATCH 04/18] Update weaknesses/MASVS-CRYPTO/MASWE-0025.md Co-authored-by: Carlos Holguera --- weaknesses/MASVS-CRYPTO/MASWE-0025.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/weaknesses/MASVS-CRYPTO/MASWE-0025.md b/weaknesses/MASVS-CRYPTO/MASWE-0025.md index 21c2dcf..dbf583f 100644 --- a/weaknesses/MASVS-CRYPTO/MASWE-0025.md +++ b/weaknesses/MASVS-CRYPTO/MASWE-0025.md @@ -17,9 +17,12 @@ refs: draft: description: The use of algorithms with insufficient strength for signatures such as SHA1withRSA, etc. in a security-sensitive context should be avoided to ensure the integrity and authenticity of the data. topics: null -status: draft +status: new --- + +## Overview + Using deprecated, risky or broken algorithms for the purpose of ensuring accountability and non-reputation through the use of signatures could make it possible for an attacker to execute digital signature forgery and compromise the integrity and authenticity of the data at rest and in transit. ## Impact From 7339b85f983713a8e60daac1cad11165a46fbac0 Mon Sep 17 00:00:00 2001 From: Uncle Joe <1244005+sydseter@users.noreply.github.com> Date: Tue, 15 Jul 2025 13:43:24 +0200 Subject: [PATCH 05/18] Update weaknesses/MASVS-CRYPTO/MASWE-0025.md Co-authored-by: Carlos Holguera --- weaknesses/MASVS-CRYPTO/MASWE-0025.md | 3 --- 1 file changed, 3 deletions(-) diff --git a/weaknesses/MASVS-CRYPTO/MASWE-0025.md b/weaknesses/MASVS-CRYPTO/MASWE-0025.md index dbf583f..ced94cb 100644 --- a/weaknesses/MASVS-CRYPTO/MASWE-0025.md +++ b/weaknesses/MASVS-CRYPTO/MASWE-0025.md 
@@ -14,9 +14,6 @@ refs: - https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf - https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5.pdf - https://csrc.nist.gov/pubs/ir/8547/ipd -draft: - description: The use of algorithms with insufficient strength for signatures such as SHA1withRSA, etc. in a security-sensitive context should be avoided to ensure the integrity and authenticity of the data. - topics: null status: new --- From f0fa3b177ac5b079b1525751573dcdf172eac994 Mon Sep 17 00:00:00 2001 From: Uncle Joe <1244005+sydseter@users.noreply.github.com> Date: Mon, 3 Nov 2025 09:34:02 +0100 Subject: [PATCH 06/18] Update weaknesses/MASVS-CRYPTO/MASWE-0025.md Co-authored-by: Dionysis Lorentzos --- weaknesses/MASVS-CRYPTO/MASWE-0025.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/weaknesses/MASVS-CRYPTO/MASWE-0025.md b/weaknesses/MASVS-CRYPTO/MASWE-0025.md index ced94cb..ef27b0e 100644 --- a/weaknesses/MASVS-CRYPTO/MASWE-0025.md +++ b/weaknesses/MASVS-CRYPTO/MASWE-0025.md @@ -20,7 +20,7 @@ status: new ## Overview -Using deprecated, risky or broken algorithms for the purpose of ensuring accountability and non-reputation through the use of signatures could make it possible for an attacker to execute digital signature forgery and compromise the integrity and authenticity of the data at rest and in transit. +Using deprecated, risky, or broken algorithms in signatures (such as MD5 or SHA-1) could enable an attacker to commit digital signature forgery, thereby undermining integrity, authenticity, and non-repudiation. ## Impact From 3a6e45a79cd14b5625d0b7089448a41bd2b2f029 Mon Sep 17 00:00:00 2001 From: Uncle Joe <1244005+sydseter@users.noreply.github.com> Date: Mon, 3 Nov 2025 09:34:15 +0100 Subject: [PATCH 07/18] Update weaknesses/MASVS-CRYPTO/MASWE-0025.md Co-authored-by: Dionysis Lorentzos --- weaknesses/MASVS-CRYPTO/MASWE-0025.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/weaknesses/MASVS-CRYPTO/MASWE-0025.md b/weaknesses/MASVS-CRYPTO/MASWE-0025.md index ef27b0e..56d4101 100644 --- a/weaknesses/MASVS-CRYPTO/MASWE-0025.md +++ b/weaknesses/MASVS-CRYPTO/MASWE-0025.md @@ -29,8 +29,8 @@ Using deprecated, risky, or broken algorithms in signatures (such as MD5 or SHA- ## Modes of Introduction -- **Using a deprecated, risky or broken hashing algorithm**: e.g. MD5 and SHA-1 have been identified to be vulnerable for collision attacks that are faster than a birthday attack. Because of this they are denounced as "broken". -- **Using a insufficiently collision resistant hash**: Choosing a hashing algorithm of insufficient length may result in loss of integrity or confidentiality. +- **Using a deprecated, risky, or broken hashing algorithm**: e.g., MD5 and SHA-1 have been identified to be vulnerable to collision attacks that are faster than a birthday attack. Because of this, they are denounced as "broken". +- **Using an insufficiently collision-resistant hash**: Choosing a hashing algorithm of insufficient length may result in loss of integrity or confidentiality. ## Mitigations From 7b0ebf6233f14376e71387c8533c8fcdea7a35f4 Mon Sep 17 00:00:00 2001 From: Uncle Joe <1244005+sydseter@users.noreply.github.com> Date: Mon, 3 Nov 2025 09:44:03 +0100 Subject: [PATCH 08/18] Update weaknesses/MASVS-CRYPTO/MASWE-0025.md Co-authored-by: Dionysis Lorentzos --- weaknesses/MASVS-CRYPTO/MASWE-0025.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/weaknesses/MASVS-CRYPTO/MASWE-0025.md b/weaknesses/MASVS-CRYPTO/MASWE-0025.md index 56d4101..65ed897 100644 --- a/weaknesses/MASVS-CRYPTO/MASWE-0025.md +++ b/weaknesses/MASVS-CRYPTO/MASWE-0025.md 
@@ -34,6 +34,5 @@ Using deprecated, risky, or broken algorithms in signatures (such as MD5 or SHA- ## Mitigations -- **Choose collision resistant algorithm**: Choose a signature algorithm that is sufficiently collision resistant like RSA (3072 bits and higher), ECDSA with NIST P-384 or EdDSA with Edwards448. - -- **Choose a signing scheme that make use of algorithms with sufficient bit-lengths**: As our computers gets stronger, previously generated hashes get weaker, therefore, make sure that you can adjust the bit-length length (strength) of the algorithm of your choosing. When signatures are stored at rest, make sure to follow the software industry's long term recommendations (e.g. ["NIST: Transition to Post-Quantum Cryptography Standards"](https://csrc.nist.gov/pubs/ir/8547/ipd)). +- **Choose a collision-resistant algorithm**: Choose a signature algorithm that is sufficiently collision-resistant, like RSA (3072 bits and higher), ECDSA with NIST P-384, or EdDSA with Edwards448. +- **Choose a signing scheme that makes use of algorithms with sufficient bit-lengths**: As our computers get stronger, previously generated hashes get weaker. Therefore, make sure you can adjust the bit length (strength) of the algorithm you choose. When signatures are stored at rest, make sure to follow the software industry's long-term recommendations (e.g., ["NIST: Transition to Post-Quantum Cryptography Standards"](https://csrc.nist.gov/pubs/ir/8547/ipd)). From a57e459d8b9fbcf27bf0fbc26d5ebcfe1d5bc2ed Mon Sep 17 00:00:00 2001 From: Uncle Joe <1244005+sydseter@users.noreply.github.com> Date: Mon, 3 Nov 2025 09:51:28 +0100 Subject: [PATCH 09/18] Refine impact descriptions for signature forgery Clarified impact statements regarding signature forgery. --- weaknesses/MASVS-CRYPTO/MASWE-0025.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/weaknesses/MASVS-CRYPTO/MASWE-0025.md b/weaknesses/MASVS-CRYPTO/MASWE-0025.md index 65ed897..5adcc85 100644 
--- a/weaknesses/MASVS-CRYPTO/MASWE-0025.md +++ b/weaknesses/MASVS-CRYPTO/MASWE-0025.md @@ -24,7 +24,8 @@ Using deprecated, risky, or broken algorithms in signatures (such as MD5 or SHA- ## Impact -- **Loss of Integrity and authenticity**: Signature forgery may allow the attacker to compromise the integrity and authenticity of the data by signing the data on behalf of another entity. +- **Loss of authenticity**: Signature forgery may allow the attacker to sign the data on behalf of another entity, thereby casting doubt on where the data came from. +- **Loss of Integrity**: Signature forgery may allow the attacker to alter the data which would compromise it's integrity. - **Loss of accountability**: Signature forgery allows for plausible deniability and diminishes accountability. ## Modes of Introduction From 121acb340a92a7d1f4bd5c91bb6a0a522eec6630 Mon Sep 17 00:00:00 2001 From: Uncle Joe <1244005+sydseter@users.noreply.github.com> Date: Mon, 3 Nov 2025 13:07:36 +0100 Subject: [PATCH 10/18] Fix capitalization and punctuation in MASWE-0025 Corrected capitalization and punctuation in the impact section. --- weaknesses/MASVS-CRYPTO/MASWE-0025.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/weaknesses/MASVS-CRYPTO/MASWE-0025.md b/weaknesses/MASVS-CRYPTO/MASWE-0025.md index 5adcc85..3ff4e61 100644 --- a/weaknesses/MASVS-CRYPTO/MASWE-0025.md +++ b/weaknesses/MASVS-CRYPTO/MASWE-0025.md 
@@ -25,7 +25,7 @@ Using deprecated, risky, or broken algorithms in signatures (such as MD5 or SHA- ## Impact - **Loss of authenticity**: Signature forgery may allow the attacker to sign the data on behalf of another entity, thereby casting doubt on where the data came from. -- **Loss of Integrity**: Signature forgery may allow the attacker to alter the data which would compromise it's integrity. +- **Loss of integrity**: Signature forgery may allow the attacker to alter the data which would compromise it's integrity. - **Loss of accountability**: Signature forgery allows for plausible deniability and diminishes accountability. ## Modes of Introduction From 203f042e2499e61ae2498ecea61e6696fdb8007d Mon Sep 17 00:00:00 2001 From: Uncle Joe <1244005+sydseter@users.noreply.github.com> Date: Fri, 7 Nov 2025 20:11:32 +0100 Subject: [PATCH 11/18] Update MASWE-0025.md --- weaknesses/MASVS-CRYPTO/MASWE-0025.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/weaknesses/MASVS-CRYPTO/MASWE-0025.md b/weaknesses/MASVS-CRYPTO/MASWE-0025.md index 3ff4e61..3189255 100644 --- a/weaknesses/MASVS-CRYPTO/MASWE-0025.md +++ b/weaknesses/MASVS-CRYPTO/MASWE-0025.md @@ -1,5 +1,5 @@ --- -title: Improper Generation of Cryptographic Signatures +title: Improper Generation of Digital Signatures id: MASWE-0025 alias: improper-signature-generation platform: [android, ios] From 7362d02c2c3e1ec89d1b371a644cdfc1d99e5cbc Mon Sep 17 00:00:00 2001 From: Uncle Joe <1244005+sydseter@users.noreply.github.com> Date: Sun, 16 Nov 2025 09:58:51 +0100 Subject: [PATCH 12/18] Update weaknesses/MASVS-CRYPTO/MASWE-0025.md Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- weaknesses/MASVS-CRYPTO/MASWE-0025.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/weaknesses/MASVS-CRYPTO/MASWE-0025.md b/weaknesses/MASVS-CRYPTO/MASWE-0025.md index 3189255..65fbdf0 100644 --- a/weaknesses/MASVS-CRYPTO/MASWE-0025.md +++ b/weaknesses/MASVS-CRYPTO/MASWE-0025.md 
@@ -25,7 +25,7 @@ Using deprecated, risky, or broken algorithms in signatures (such as MD5 or SHA- ## Impact - **Loss of authenticity**: Signature forgery may allow the attacker to sign the data on behalf of another entity, thereby casting doubt on where the data came from. -- **Loss of integrity**: Signature forgery may allow the attacker to alter the data which would compromise it's integrity. +- **Loss of integrity**: Signature forgery may allow an attacker to alter data while keeping the signature check passing, compromising its integrity. - **Loss of accountability**: Signature forgery allows for plausible deniability and diminishes accountability. ## Modes of Introduction From 0b73916941006b8412a7c026e41ee426c0c3cd95 Mon Sep 17 00:00:00 2001 From: Uncle Joe <1244005+sydseter@users.noreply.github.com> Date: Sun, 16 Nov 2025 10:00:45 +0100 Subject: [PATCH 13/18] Update weaknesses/MASVS-CRYPTO/MASWE-0025.md Co-authored-by: Carlos Holguera --- weaknesses/MASVS-CRYPTO/MASWE-0025.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/weaknesses/MASVS-CRYPTO/MASWE-0025.md b/weaknesses/MASVS-CRYPTO/MASWE-0025.md index 65fbdf0..d3dcd70 100644 --- a/weaknesses/MASVS-CRYPTO/MASWE-0025.md +++ b/weaknesses/MASVS-CRYPTO/MASWE-0025.md @@ -20,7 +20,7 @@ status: new ## Overview -Using deprecated, risky, or broken algorithms in signatures (such as MD5 or SHA-1) could enable an attacker to commit digital signature forgery, thereby undermining integrity, authenticity, and non-repudiation. +Using deprecated, risky, or broken hash or signature algorithms, such as MD5withRSA or SHA1withRSA, can allow attackers to forge digital signatures. In mobile apps this can enable tampering with locally verified data such as configuration files, licenses, feature flags, offline content, or cached responses while still passing signature checks, breaking authenticity, integrity, and accountability. ## Impact From 0911e1e355255b60cedce98872d5bc8511991081 Mon Sep 17 00:00:00 2001 
From: Uncle Joe <1244005+sydseter@users.noreply.github.com> Date: Sun, 16 Nov 2025 10:01:58 +0100 Subject: [PATCH 14/18] Update weaknesses/MASVS-CRYPTO/MASWE-0025.md Co-authored-by: Carlos Holguera --- weaknesses/MASVS-CRYPTO/MASWE-0025.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/weaknesses/MASVS-CRYPTO/MASWE-0025.md b/weaknesses/MASVS-CRYPTO/MASWE-0025.md index d3dcd70..7b68e98 100644 --- a/weaknesses/MASVS-CRYPTO/MASWE-0025.md +++ b/weaknesses/MASVS-CRYPTO/MASWE-0025.md @@ -24,7 +24,7 @@ Using deprecated, risky, or broken hash or signature algorithms, such as MD5with ## Impact -- **Loss of authenticity**: Signature forgery may allow the attacker to sign the data on behalf of another entity, thereby casting doubt on where the data came from. +- **Loss of authenticity**: Signature forgery may allow an attacker to sign data on behalf of another entity, so the app can no longer trust where the data originated. - **Loss of integrity**: Signature forgery may allow an attacker to alter data while keeping the signature check passing, compromising its integrity. - **Loss of accountability**: Signature forgery allows for plausible deniability and diminishes accountability. From d6e2f07aba6a825cd65f90a1ee585cf7e1484d8e Mon Sep 17 00:00:00 2001 From: Uncle Joe <1244005+sydseter@users.noreply.github.com> Date: Sun, 16 Nov 2025 10:02:34 +0100 Subject: [PATCH 15/18] Update weaknesses/MASVS-CRYPTO/MASWE-0025.md Co-authored-by: Carlos Holguera --- weaknesses/MASVS-CRYPTO/MASWE-0025.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/weaknesses/MASVS-CRYPTO/MASWE-0025.md b/weaknesses/MASVS-CRYPTO/MASWE-0025.md index 7b68e98..c8c31a6 100644 --- a/weaknesses/MASVS-CRYPTO/MASWE-0025.md +++ b/weaknesses/MASVS-CRYPTO/MASWE-0025.md 
@@ -26,7 +26,7 @@ Using deprecated, risky, or broken hash or signature algorithms, such as MD5with - **Loss of authenticity**: Signature forgery may allow an attacker to sign data on behalf of another entity, so the app can no longer trust where the data originated. - **Loss of integrity**: Signature forgery may allow an attacker to alter data while keeping the signature check passing, compromising its integrity. -- **Loss of accountability**: Signature forgery allows for plausible deniability and diminishes accountability. +- **Loss of accountability**: Signature forgery enables plausible deniability and weakens non repudiation when signatures are used as proof of approval or origin. ## Modes of Introduction From b22eda77a1468e1852dddd6f081c1ed0db57a5af Mon Sep 17 00:00:00 2001 From: Uncle Joe <1244005+sydseter@users.noreply.github.com> Date: Sun, 16 Nov 2025 10:03:33 +0100 Subject: [PATCH 16/18] Update weaknesses/MASVS-CRYPTO/MASWE-0025.md Co-authored-by: Carlos Holguera --- weaknesses/MASVS-CRYPTO/MASWE-0025.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/weaknesses/MASVS-CRYPTO/MASWE-0025.md b/weaknesses/MASVS-CRYPTO/MASWE-0025.md index c8c31a6..cda08d5 100644 --- a/weaknesses/MASVS-CRYPTO/MASWE-0025.md +++ b/weaknesses/MASVS-CRYPTO/MASWE-0025.md 
@@ -30,8 +30,9 @@ Using deprecated, risky, or broken hash or signature algorithms, such as MD5with ## Modes of Introduction -- **Using a deprecated, risky, or broken hashing algorithm**: e.g., MD5 and SHA-1 have been identified to be vulnerable to collision attacks that are faster than a birthday attack. Because of this, they are denounced as "broken". -- **Using an insufficiently collision-resistant hash**: Choosing a hashing algorithm of insufficient length may result in loss of integrity or confidentiality. +- **Using deprecated, risky, or broken algorithms**: For example, choosing RSA SHA1 or RSA MD5 algorithms, even when documentation marks them as deprecated. +- **Using insufficient key sizes**: For example, generating RSA keys of 1024 bits or using non standard elliptic curves below current security levels. +- **Using insufficiently collision-resistant hash functions**: Selecting MD5 or SHA1, which have known collision attacks, can allow attackers to craft different messages with the same digest. ## Mitigations From f6adc030edb7bb81531c698f0c60cdae6b0143d3 Mon Sep 17 00:00:00 2001 From: Uncle Joe <1244005+sydseter@users.noreply.github.com> Date: Sun, 16 Nov 2025 10:04:41 +0100 Subject: [PATCH 17/18] Update weaknesses/MASVS-CRYPTO/MASWE-0025.md Co-authored-by: Carlos Holguera --- weaknesses/MASVS-CRYPTO/MASWE-0025.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/weaknesses/MASVS-CRYPTO/MASWE-0025.md b/weaknesses/MASVS-CRYPTO/MASWE-0025.md index cda08d5..1db4e05 100644 --- a/weaknesses/MASVS-CRYPTO/MASWE-0025.md +++ b/weaknesses/MASVS-CRYPTO/MASWE-0025.md 
@@ -36,5 +36,6 @@ Using deprecated, risky, or broken hash or signature algorithms, such as MD5with ## Mitigations -- **Choose a collision-resistant algorithm**: Choose a signature algorithm that is sufficiently collision-resistant, like RSA (3072 bits and higher), ECDSA with NIST P-384, or EdDSA with Edwards448. -- **Choose a signing scheme that makes use of algorithms with sufficient bit-lengths**: As our computers get stronger, previously generated hashes get weaker. Therefore, make sure you can adjust the bit length (strength) of the algorithm you choose. When signatures are stored at rest, make sure to follow the software industry's long-term recommendations (e.g., ["NIST: Transition to Post-Quantum Cryptography Standards"](https://csrc.nist.gov/pubs/ir/8547/ipd)). +- **Choose a modern, collision-resistant algorithm with sufficient bit-lengths**: Choose a signature algorithm with at least 128 bits of security. Suitable choices include RSA with 3072 bit keys, ECDSA with NIST P256 or P384, and EdDSA with Ed25519 or Edwards448. +- **Design signatures with algorithm agility**: Adopt crypto agility-aware design as described in ["NIST.CSWP.39.2pd: Considerations for Achieving Crypto Agility"](https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.39.2pd.pdf?). For example, include metadata or version fields that allow migration to stronger algorithms as recommended in documents like [NIST SP 800-131A: Transitioning the Use of Cryptographic Algorithms and Key Lengths](https://csrc.nist.gov/pubs/sp/800/131/a/r2/final) and post quantum transition guidance (["NIST IR 8547: Transition to Post-Quantum Cryptography Standards"](https://csrc.nist.gov/pubs/ir/8547/ipd)). +- **Do not rely on defaults**: Enforce minimum algorithm and key requirements **explicitly** in the code. From c7bec866741359f657538ca43414e2a4aeba33fc Mon Sep 17 00:00:00 2001 
From: Uncle Joe <1244005+sydseter@users.noreply.github.com> Date: Sun, 16 Nov 2025 11:09:19 +0100 Subject: [PATCH 18/18] Add CWE-1240 to MASWE-0025 mapping --- weaknesses/MASVS-CRYPTO/MASWE-0025.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/weaknesses/MASVS-CRYPTO/MASWE-0025.md b/weaknesses/MASVS-CRYPTO/MASWE-0025.md index 1db4e05..934e6fd 100644 --- a/weaknesses/MASVS-CRYPTO/MASWE-0025.md +++ b/weaknesses/MASVS-CRYPTO/MASWE-0025.md @@ -7,7 +7,7 @@ profiles: [L1, L2] mappings: masvs-v1: [MSTG-CRYPTO-4] masvs-v2: [MASVS-CRYPTO-1] - cwe: [327] + cwe: [327, 1240] refs: - https://developer.android.com/privacy-and-security/cryptography#deprecated-functionality
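Review bot: PATCH 01, the second hunk (the new body text after the front matter) ships several defects that later patches only partly catch: "non-reputation" should be "non-repudiation", "Using a insufficiently collision resistant hash" should read "an insufficiently", "a signing scheme that make use" should be "makes use", "As our computers gets stronger" should be "get", and "bit-length length" repeats a word. Two points are substantive rather than typographic. The second Modes bullet says a weak hash "may result in loss of integrity or confidentiality": the hash inside a signature has no bearing on confidentiality, so drop that word (PATCH 16 eventually does). The first Mitigations bullet calls RSA, ECDSA and EdDSA "collision resistant"; collision resistance is a property of the hash function the signature scheme uses, not of the key algorithm, so either name the hash (as the Modes section does) or speak of the key's security strength. In the first hunk, changing `alias` to `weak-signatures` changes the entry's slug and breaks inbound links to the existing page; if a rename is intended, say so in the commit message.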
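Review bot: PATCH 03 (together with PATCH 02) reverts the `title` and `alias` renames made in PATCH 01, so the series briefly introduces and then removes a new slug; squash these three into one commit so no intermediate state publishes `weak-signatures`.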
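Review bot: PATCH 04 sets `status: new` while the `draft:` block with `description` and `topics` is still present until PATCH 05 removes it, leaving one commit with inconsistent front matter; fold the deletion from PATCH 05 into this patch.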
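Review bot: PATCH 09, the new "Loss of Integrity" bullet, has "compromise it's integrity" where the possessive "its" is needed, and the capital "Integrity" is inconsistent with "Loss of authenticity" on the line above; both are corrected only in PATCH 10 and PATCH 12, so fix them here rather than leaving the intermediate commits wrong.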
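Review bot: PATCH 13's Overview uses "MD5withRSA or SHA1withRSA", which are Java/Android JCA algorithm names, but the front matter declares `platform: [android, ios]`; use platform-neutral wording such as "RSA with MD5 or SHA-1" or add the iOS equivalent so the entry does not read as Android-only. The mobile-specific threat (tampered configuration, licenses or cached responses that "still pass signature checks") is the right emphasis and should stay.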
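Review bot: PATCH 15 writes "non repudiation" without the hyphen; the Overview introduced in PATCH 06 spelled it "non-repudiation", so hyphenate here for consistency.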
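Review bot: PATCH 16's rewritten Modes of Introduction is inconsistent with the Overview: "RSA SHA1 or RSA MD5" versus "MD5withRSA or SHA1withRSA", and "SHA1" versus "SHA-1" elsewhere in the file; pick one naming convention. The first and third bullets both amount to "MD5 or SHA-1 was chosen", so either merge them or make the first bullet about the signature scheme and the third about the hash. "even when documentation marks them as deprecated" reads as if deprecation were incidental; suggest "despite being marked deprecated in the platform documentation". "non standard elliptic curves below current security levels" is vague: state the threshold the Mitigations use in PATCH 17 ("at least 128 bits of security") so the two sections agree.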
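Review bot: PATCH 17 has a stray "?" at the end of the `NIST.CSWP.39.2pd.pdf?` link, writes "P256 or P384" where the earlier text used "P-384", and "Ed25519 or Edwards448" mixes a signature-scheme name with a curve name; "Ed25519 or Ed448" is the consistent pair. The "Do not rely on defaults" bullet is thin: name the defaults meant (the algorithm or key size a crypto API picks when none is specified) and add that the verifying side must reject deprecated algorithms and short keys too, since the Overview's threat is tampered data that "still passes signature checks" and every mitigation here is signer-side. The crypto-agility bullet should carry a caveat: an algorithm or version field in the signed metadata only helps if the verifier pins the set of algorithms it accepts, otherwise the field lets a weaker algorithm be selected.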
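Review bot: PATCH 18 adds `cwe: [327, 1240]` with no rationale in the commit body. CWE-1240 ("Use of a Cryptographic Primitive with a Risky Implementation") concerns how a primitive is implemented, whereas this entry's Modes of Introduction are about choosing deprecated algorithms and insufficient key sizes; the key-size mode maps more directly to CWE-326 ("Inadequate Encryption Strength"). Add a sentence to the commit message explaining why 1240 fits, or reconsider the mapping.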