Improve qhelp for broken crypto algo queries

Previously it focussed too much on the risk of data being decrypted, and didn't explain why using weak algorithms is a problem in other contexts.
2025-12-16 16:53:25 +01:00 · 2025-10-08 14:10:54 +01:00
parent 2a1c9d8ec1
commit 0bcdb91639
6 changed files with 114 additions and 36 deletions
--- a/ruby/ql/src/queries/security/cwe-327/BrokenCryptoAlgorithm.qhelp
+++ b/ruby/ql/src/queries/security/cwe-327/BrokenCryptoAlgorithm.qhelp
@@ -4,15 +4,33 @@
 <qhelp>
  <overview>
    <p>
-      Using broken or weak cryptographic algorithms can leave data
-      vulnerable to being decrypted or forged by an attacker.
+      Using broken or weak cryptographic algorithms may compromise
+      security guarantees such as confidentiality, integrity, and
+      authenticity.
    </p>
+
    <p>
-      Many cryptographic algorithms provided by cryptography
-      libraries are known to be weak, or flawed. Using such an
-      algorithm means that encrypted or hashed data is less
-      secure than it appears to be.
+      Many cryptographic algorithms are known to be weak or flawed. The
+      security guarantees of a system often rely on the underlying
+      cryptography, so using a weak algorithm can have severe consequences.
+      For example:
    </p>
+
+    <ul>
+      <li>
+      If a weak encryption algorithm is used, an attacker may be able to
+      decrypt sensitive data.
+      </li>
+      <li>
+      If a weak hashing algorithm is used to protect data integrity, an
+      attacker may be able to craft a malicious input that has the same
+      hash as a benign one.
+      </li>
+      <li>
+      If a weak algorithm is used for digital signatures, an attacker may
+      be able to forge signatures and impersonate legitimate users.
+      </li>
+    </ul>
    <p>
      This query alerts on any use of a weak cryptographic algorithm that is
      not a hashing algorithm. Use of broken or weak cryptographic hash