Tweak wording for encrypt-then-MAC (6.5.5)

OWASP · Jan 17, 2025 · 40dac5f · 40dac5f
1 parent 26a8815
commit 40dac5f
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/5.0/en/0x14-V6-Cryptography.md b/5.0/en/0x14-V6-Cryptography.md
@@ -88,7 +88,7 @@ Authenticated encryption algorithms built on AES and CHACHA20 form the backbone
 | **6.5.2** | [ADDED, SPLIT FROM 6.2.5, COVERS 6.2.3, LEVEL L2 > L1] Verify that insecure ciphers, including Triple-DES and Blowfish, are not used but secure authenticated ciphers and modes such as AES with GCM are. | ✓ | ✓ | ✓ | 326 |
 | **6.5.3** | [MODIFIED, MOVED FROM 6.2.6, LEVEL L2 > L3] Verify that nonces, initialization vectors, and other single-use numbers are not used for more than one encryption key/data-element pair. The method of generation must be appropriate for the algorithm being used. | | | ✓ | 326 |
 | **6.5.4** | [MODIFIED, MOVED FROM 6.2.7] Verify that encrypted data is authenticated via signatures, as well as through authenticated cipher modes or HMAC for protection against unauthorized modification. | | | ✓ | 326 |
-| **6.5.5** | [ADDED] Verify that any authenticated signatures are operating in encrypt-then-MAC or encrypt-then-hash modes as required. | | | ✓ | 326 |
+| **6.5.5** | [ADDED] Verify that any combination of an encryption algorithm and a MAC algorithm is operating in encrypt-then-MAC mode. | | | ✓ | 326 |
 
 ## V6.6 Hashing and Hash-based Functions