From 6ef2889ba3cec96ef3cf79e6990ba05954a8b8f0 Mon Sep 17 00:00:00 2001 From: Josh Grossman Date: Mon, 9 Dec 2024 21:16:33 +0200 Subject: [PATCH] Remove tokens from authenticated crypto in 6.5.4 to resolve #2433 --- 5.0/en/0x14-V6-Cryptography.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/5.0/en/0x14-V6-Cryptography.md b/5.0/en/0x14-V6-Cryptography.md index 14f9090e60..f14897730d 100644 --- a/5.0/en/0x14-V6-Cryptography.md +++ b/5.0/en/0x14-V6-Cryptography.md @@ -84,7 +84,7 @@ Cipher algorithms such as AES and CHACHA20 form the backbone of modern cryptogra | **6.5.1** | [ADDED, SPLIT FROM 6.2.5] Verify that insecure block modes (e.g., ECB) and weak padding schemes (e.g., PKCS#1 v1.5) are not used. | | ✓ | ✓ | 326 | | **6.5.2** | [ADDED, SPLIT FROM 6.2.5, LEVEL L2 > L1] Verify that insecure ciphers, including Triple-DES and Blowfish, are not used but secure ciphers and modes such as AES with GCM are. | ✓ | ✓ | ✓ | 326 | | **6.5.3** | [MODIFIED, MOVED FROM 6.2.6, LEVEL L2 > L3] Verify that nonces, initialization vectors, and other single-use numbers are not used for more than one encryption key/data-element pair. The method of generation must be appropriate for the algorithm being used. | | | ✓ | 326 | -| **6.5.4** | [MODIFIED, MOVED FROM 6.2.7] Verify that encrypted data is authenticated via signatures, including unencrypted tokens being used for secure access control, as well as through authenticated cipher modes or HMAC for protection against unauthorized modification. | | | ✓ | 326 | +| **6.5.4** | [MODIFIED, MOVED FROM 6.2.7] Verify that encrypted data is authenticated via signatures, as well as through authenticated cipher modes or HMAC for protection against unauthorized modification. | | | ✓ | 326 | | **6.5.5** | [ADDED] Verify that any authenticated signatures are operating in encrypt-then-MAC or encrypt-then-hash modes as required. | | | ✓ | 326 | ## V6.6 Hashing and Hash-based Functions