Add texts that were not merged. (#3180)

## Review

A dedicated reviewer checked the rule description successfully for:

- [ ] logical errors and incorrect information
- [ ] information gaps and missing content
- [ ] text style and tone
- [ ] PR summary and labels follow [the guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule)
Sebastien Andrivet 2023-09-29 09:36:30 +02:00 committed by GitHub
parent 9666fd7c0e
commit 1a5894a5a2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -23,11 +23,11 @@ Many industries and jurisdictions have specific regulations and standards to pro
== How to fix it in Spring
A user password should never be stored in clear text. Instead, a hash should be produced from it using a secure algorithm:
* not vulnerable to brute force attacks.
* not vulnerable to first preimage or second preimage attacks: If a hash is leaked, it should be difficut to find a password produding this same hash. It should also be difficult to find a password that has the same hash than another password.
* and a salt should be added to the password to lower the risk of rainbow table attacks (see rule S2053).
A user password should never be stored in clear text. Instead, a hash should be produced from it using a secure algorithm. When dealing with password storage security, best practices recommend relying on a slow hashing algorithm, that will make brute force attacks more difficult. Using a hashing function with adaptable computation and memory complexity also is recommended to be able to increase the security level with time.
Adding a salt to the digest computation is also recommended to prevent pre-computed table attacks (see rule S2053).
In general, relying on an algorithm with no known weaknesses is also a requirement. This prevents the use of the MD5 or SHA-1 algorithms.
While considered strong for some use cases, some algorithms, like SHA-family functions, are too fast to compute and therefore susceptible to brute force attacks, especially with attack-dedicated hardware. Modern, slow, password hashing algorithms such as bcrypt, PBKDF2 or argon2 are recommended.
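Review bot: the replacement drops the removed bullet's explicit requirement that the hash function resist first and second preimage attacks; the new text's "relying on an algorithm with no known weaknesses" covers MD5 and SHA-1 but no longer states the preimage property itself, so either restore that sentence (with the typos "difficut", "produding" and "the same hash than" fixed) or confirm the omission is intended. In the first added paragraph, "a slow hashing algorithm, that will make brute force attacks more difficult" should drop the comma or read "which makes", and "also is recommended" reads better as "is also recommended". The hunk sits under "== How to fix it in Spring" yet none of the added lines mentions Spring; a sentence pointing to Spring Security's PasswordEncoder implementations (BCryptPasswordEncoder, Argon2PasswordEncoder) would make the section match its heading. Finally, "argon2" in the last line is normally written "Argon2".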