[Cryptography] Crypto best practices
Patrick Chkoreff
patrick at rayservers.net
Tue Mar 7 17:59:16 EST 2017
This looks like some very valuable advice:
https://wikileaks.org/ciav7p1/cms/files/NOD%20Cryptographic%20Requirements%20v1.1%20TOP%20SECRET.pdf
Excerpt:
> Key exchange must be performed using Diffie-Hellman, Elliptic Curve Diffie-Hellman, or RSA.
> For Elliptic Curve Diffie-Hellman the prime moduli utilized must be at least 256 bits. For Diffie-
> Hellman and RSA the primes utilized must be at least 2048 bits. The use of Diffie-Hellman or Elliptic
> Curve Diffie-Hellman is recommended to allow for perfect forward secrecy.
...
> Confidentiality must be provided by AES with a minimum key size of 256 bits. The cipher
> must be operated in Galois/Counter Mode (GCM), Counter Mode (CTR), or Cipher Block Chaining
> Mode (CBC).
-- Patrick
More information about the cryptography
mailing list