Rust: Correct the qhelp.

2026-04-28 18:25:24 +02:00 · 2025-01-10 14:19:12 +00:00
parent ad268220bf
commit 19d3e9dbca
1 changed files with 28 additions and 27 deletions
--- a/rust/ql/src/queries/security/CWE-328/WeakSensitiveDataHashing.qhelp
+++ b/rust/ql/src/queries/security/CWE-328/WeakSensitiveDataHashing.qhelp
@@ -10,25 +10,25 @@

        <p>
            A strong cryptographic hash function should be resistant to:
-            <ul>
-                <li>
-                    <b>Pre-image attacks</b>. If you know a hash value <code>h(x)</code>,
-                    you should not be able to easily find the input <code>x</code>.
-                </li>
-                <li>
-                    <b>Collision attacks</b>. If you know a hash value <code>h(x)</code>,
-                    you should not be able to easily find a different input
-                    <code>y</code>
-                    with the same hash value <code>h(x) = h(y)</code>.
-                </li>
-                <li>
-                    <b>Brute force</b>. For passwords and other data with limited
-                    input space, if you know a hash value <code>h(x)</code>
-                    you should not be able to find the input <code>x</code> even using
-                    a brute force attack (without significant computational effort).
-                </li>
-            </ul>
        </p>
+        <ul>
+            <li>
+                <b>Pre-image attacks</b>. If you know a hash value <code>h(x)</code>,
+                you should not be able to easily find the input <code>x</code>.
+            </li>
+            <li>
+                <b>Collision attacks</b>. If you know a hash value <code>h(x)</code>,
+                you should not be able to easily find a different input
+                <code>y</code>
+                with the same hash value <code>h(x) = h(y)</code>.
+            </li>
+            <li>
+                <b>Brute force</b>. For passwords and other data with limited
+                input space, if you know a hash value <code>h(x)</code>
+                you should not be able to find the input <code>x</code> even using
+                a brute force attack (without significant computational effort).
+            </li>
+        </ul>

        <p>
            As an example, both MD5 and SHA-1 are known to be vulnerable to collision attacks.
@@ -51,17 +51,18 @@

        <p>
            Ensure that you use a strong, modern cryptographic hash function, such as:
-            <ul>
-                <li>
-                    Argon2, scrypt, bcrypt, or PBKDF2 for passwords and other data with limited input space where
-                    a dictionary-like attack is feasible.
-                </li>
-                <li>
-                    SHA-2, or SHA-3 in other cases.
-                </li>
-            </ul>
        </p>

+        <ul>
+            <li>
+                Argon2, scrypt, bcrypt, or PBKDF2 for passwords and other data with limited input space where
+                a dictionary-like attack is feasible.
+            </li>
+            <li>
+                SHA-2, or SHA-3 in other cases.
+            </li>
+        </ul>
+
        <p>
            Note that special purpose algorithms, which are used to ensure that a message comes from a
            particular sender, exist for message authentication. These algorithms should be used when