Rust: Move rust/weak-sensitive-data-hashing

[geoffw0]

Move rust/weak-sensitive-data-hashing into the CWE-327 directory, to be consistent with Python and Ruby. As discussed here.

[Copilot]

Pull Request Overview

This PR moves the Rust weak sensitive data hashing query from the CWE-328 directory to the CWE-327 directory to align with the organization of similar queries in Python and Ruby codebases.

• Updates the query reference path from CWE-328 to CWE-327 in the test configuration file

[github-actions]

QHelp previews:

rust/ql/src/queries/security/CWE-327/WeakSensitiveDataHashing.qhelp

Use of a broken or weak cryptographic hashing algorithm on sensitive data

A broken or weak cryptographic hash function can leave data vulnerable, and should not be used in security-related code.

A strong cryptographic hash function should be resistant to:

• Pre-image attacks. If you know a hash value h(x), you should not be able to easily find the input x.
• Collision attacks. If you know a hash value h(x), you should not be able to easily find a different input y with the same hash value h(x) = h(y).
• Brute force. For passwords and other data with limited input space, if you know a hash value h(x), you should not be able to find the input x even using a brute force attack (without significant computational effort).
  As an example, both MD5 and SHA-1 are known to be vulnerable to collision attacks.

All of MD5, SHA-1, SHA-2 and SHA-3 are weak against offline brute forcing, so they are not suitable for hashing passwords. This includes SHA-224, SHA-256, SHA-384, and SHA-512, which are in the SHA-2 family.

Since it's OK to use a weak cryptographic hash function in a non-security context, this query only alerts when these are used to hash sensitive data (such as passwords, certificates, usernames).

Recommendation

Ensure that you use a strong, modern cryptographic hash function, such as:

• Argon2, scrypt, bcrypt, or PBKDF2 for passwords and other data with limited input space where a dictionary-like attack is feasible.
• SHA-2, or SHA-3 in other cases.
  Note that special purpose algorithms, which are used to ensure that a message comes from a particular sender, exist for message authentication. These algorithms should be used when appropriate, as they address common vulnerabilities of simple hashing schemes in this context.

Example

The following examples show hashing sensitive data using the MD5 hashing algorithm that is known to be vulnerable to collision attacks, and hashing passwords using the SHA-3 algorithm that is weak to brute force attacks:

// MD5 is not appropriate for hashing sensitive data.
let mut md5_hasher = md5::Md5::new();
...
md5_hasher.update(emergency_contact); // BAD
md5_hasher.update(credit_card_no); // BAD
...
my_hash = md5_hasher.finalize();

// SHA3-256 is not appropriate for hashing passwords.
my_hash = sha3::Sha3_256::digest(password); // BAD

To make these secure, we can use the SHA-3 algorithm for sensitive data and Argon2 for passwords:

// SHA3-256 *is* appropriate for hashing sensitive data.
let mut sha3_256_hasher = sha3::Sha3_256::new();
...
sha3_256_hasher.update(emergency_contact); // GOOD
sha3_256_hasher.update(credit_card_no); // GOOD
...
my_hash = sha3_256_hasher.finalize();

// Argon2 is appropriate for hashing passwords.
let argon2_salt = argon2::password_hash::Salt::from_b64(salt)?;
my_hash = argon2::Argon2::default().hash_password(password.as_bytes(), argon2_salt)?.to_string(); // GOOD

References

• OWASP: Password Storage Cheat Sheet and Transport Layer Security Cheat Sheet .
• GitHub: RustCrypto: Hashes and RustCrypto: Password Hashes .
• The RustCrypto Book: Password Hashing .
• Common Weakness Enumeration: CWE-327.
• Common Weakness Enumeration: CWE-328.
• Common Weakness Enumeration: CWE-916.

[geoffw0]

DCA LGTM (hardly surprising).

[paldepind]

Great to get this aligned with the other languages.