[Cryptography] Crypto best practices

Patrick Chkoreff patrick at rayservers.net
Tue Mar 7 17:59:16 EST 2017


This looks like some very valuable advice:

https://wikileaks.org/ciav7p1/cms/files/NOD%20Cryptographic%20Requirements%20v1.1%20TOP%20SECRET.pdf

Excerpt:

> Key exchange must be performed using Diffie-Hellman, Elliptic Curve Diffie-Hellman, or RSA.
> For Elliptic Curve Diffie-Hellman the prime moduli utilized must be at least 256 bits. For Diffie-
> Hellman and RSA the primes utilized must be at least 2048 bits. The use of Diffie-Hellman or Elliptic
> Curve Diffie-Hellman is recommended to allow for perfect forward secrecy.
...
> Confidentiality must be provided by AES with a minimum key size of 256 bits. The cipher
> must be operated in Galois/Counter Mode (GCM), Counter Mode (CTR), or Cipher Block Chaining
> Mode (CBC).


-- Patrick


More information about the cryptography mailing list