Skip to content
Permalink
Browse files

Update crypto_algorithms.md

  • Loading branch information...
santosomar committed Jul 12, 2019
1 parent 08623c8 commit 956a11f89cb0a4bac4071ac15b901f7e1dcafb8a
Showing with 4 additions and 45 deletions.
  1. +4 −45 crypto/crypto_algorithms.md
@@ -1,5 +1,6 @@
# Cryptographic Algorithms


<table>
<tbody>
<tr>
@@ -8,31 +9,27 @@
<th scope="col">Status</th>
<th scope="col">Alternative</th>
<th scope="col">QCR</th>
<th scope="col">Mitigation</th>
</tr>
<tr>
<td>DES</td>
<td>Encryption</td>
<td>Avoid</td>
<td>AES</td>
<td>&mdash;</td>
<td>&mdash;</td>
</tr>
<tr>
<td>3DES</td>
<td>Encryption</td>
<td>Legacy</td>
<td>AES</td>
<td>&mdash;</td>
<td>Short key lifetime</td>
</tr>
<tr>
<td>RC4</td>
<td>Encryption</td>
<td>Avoid</td>
<td>AES</td>
<td>&mdash;</td>
<td>&mdash;</td>
</tr>
<tr>
<td>
@@ -45,7 +42,7 @@
</td>
<td>
<p>Acceptable</p>
<p>NGE</a></p>
<p>NGE</p>
</td>
<td>
<p>AES-GCM</p>
@@ -55,10 +52,6 @@
<p>✓ (256-bit)</p>
<p>✓ (256-bit)</p>
</td>
<td>
<p>&mdash;</p>
<p>&mdash;</p>
</td>
</tr>
<tr>
<td>
@@ -82,11 +75,6 @@ DSA-3072</td>
<p>&mdash;</p>
<p>&mdash;</p>
</td>
<td>
<p>&mdash;</p>
<p>&mdash;</p>
<p>&mdash;</p>
</td>
</tr>
<tr>
<td>
@@ -110,11 +98,6 @@ ECDSA-256</td>
<p>&mdash;</p>
<p>&mdash;</p>
</td>
<td>
<p>&mdash;</p>
<p>&mdash;</p>
<p>&mdash;</p>
</td>
</tr>
<tr>
<td>
@@ -137,19 +120,13 @@ ECDSA-256</td>
<p>&mdash;</p>
<p>&mdash;</p>
</td>
<td>
<p>&mdash;</p>
<p>&mdash;</p>
<p>&mdash;</p>
</td>
</tr>
<tr>
<td>MD5</td>
<td>Integrity</td>
<td>Avoid</td>
<td>SHA-256</td>
<td>&mdash;</td>
<td>&mdash;</td>
</tr>
<tr>
<td>
@@ -165,9 +142,6 @@ ECDSA-256</td>
<p>SHA-256</p>
</td>
<td>&mdash;</td>
<td>
<p>&mdash;</p>
</td>
</tr>
<tr>
<td>
@@ -191,35 +165,27 @@ ECDSA-256</td>
<p>✓</p>
<p>✓</p>
</td>
<td>
<p>&mdash;</p>
<p>&mdash;</p>
<p>&mdash;</p>
</td>
</tr>
<tr>
<td>HMAC-MD5</td>
<td>Integrity</td>
<td>Legacy</td>
<td>HMAC-SHA-256</td>
<td>&mdash;</td>
<td>Short key lifetime</td>
</tr>
<tr>
<td>HMAC-SHA-1</td>
<td>Integrity</td>
<td>Acceptable</td>
<td>HMAC-SHA-256</td>
<td>&mdash;</td>
<td>&mdash;</td>
</tr>
<tr>
<td>HMAC-SHA-256</td>
<td>Integrity</td>
<td>NGE</td>
<td>&mdash;</td>
<td>✓</td>
<td>&mdash;</td>
</tr>
<tr>
<td>
@@ -239,10 +205,6 @@ ECDSA-384</td>
<p>&mdash;</p>
<p>&mdash;</p>
</td>
<td>
<p>&mdash;</p>
<p>&mdash;</p>
</td>
</tr>
<tr>
<td>
@@ -263,13 +225,9 @@ ECDSA-384</td>
<p>&mdash;</p>
<p>&mdash;</p>
</td>
<td>
<p>&mdash;</p>
<p>&mdash;</p>
</td>
</tr>
<tr>
<td colspan="6"><a name="ftn1"></a>
<td colspan="5"><a name="ftn1"></a>
<p>1. QCR = quantum computer resistant.</p>
<a name="ftn2"></a>
<p>2. NGE = next generation encryption.</p>
@@ -278,6 +236,7 @@ ECDSA-384</td>
</tbody>
</table>


- Avoid: Algorithms that are marked as Avoid do not provide adequate security against modern threats and should not be used to protect sensitive information. It is recommended that these algorithms be replaced with stronger algorithms.

- Legacy: Legacy algorithms provide a marginal but acceptable security level. They should be used only when no better alternatives are available, such as when interoperating with legacy equipment. It is recommended that these legacy algorithms be phased out and replaced with stronger algorithms.

0 comments on commit 956a11f

Please sign in to comment.
You can’t perform that action at this time.