[Cryptography] Crypto best practices
Tom Mitchell
mitch at niftyegg.com
Tue Mar 7 19:22:12 EST 2017
On Tue, Mar 7, 2017 at 2:59 PM, Patrick Chkoreff <patrick at rayservers.net> wrote:
> This looks like some very valuable advice:
>
> https://wikileaks.org/ciav7p1/cms/files/NOD%20Cryptographic%20Requirements%20v1.1%20TOP%20SECRET.pdf
>
> Excerpt:
>
>> Key exchange must be
.....
>> must be operated in Galois/Counter Mode (GCM), Counter Mode (CTR), or Cipher Block Chaining
>> Mode (CBC).
And the favorite, invokes the MUST USE, and places 800-90 on the must read list:
"6. (S//NF) All tools must utilize OS provided cryptographically
secure sources of entropy (e.g., /dev/random on *nix, Microsoft
CryptoAPI, etc) and should be a source compliant with NIST SP 800- 90.
If a non-800-90 mechanism is used, the output from the source of
entropy must be hashed with SHA-256 prior to use. Deviations from this
must be justified and accepted by the OCRB. iii"
--
T o m M i t c h e l l
More information about the cryptography
mailing list