Update crypto_algorithms.md

This commit is contained in:
Omar Santos 2019-07-12 07:50:07 -04:00 committed by GitHub
parent 08623c898d
commit 956a11f89c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -1,5 +1,6 @@
# Cryptographic Algorithms # Cryptographic Algorithms
<table> <table>
<tbody> <tbody>
<tr> <tr>
@ -8,7 +9,6 @@
<th scope="col">Status</th> <th scope="col">Status</th>
<th scope="col">Alternative</th> <th scope="col">Alternative</th>
<th scope="col">QCR</th> <th scope="col">QCR</th>
<th scope="col">Mitigation</th>
</tr> </tr>
<tr> <tr>
<td>DES</td> <td>DES</td>
@ -16,7 +16,6 @@
<td>Avoid</td> <td>Avoid</td>
<td>AES</td> <td>AES</td>
<td>&mdash;</td> <td>&mdash;</td>
<td>&mdash;</td>
</tr> </tr>
<tr> <tr>
<td>3DES</td> <td>3DES</td>
@ -24,7 +23,6 @@
<td>Legacy</td> <td>Legacy</td>
<td>AES</td> <td>AES</td>
<td>&mdash;</td> <td>&mdash;</td>
<td>Short key lifetime</td>
</tr> </tr>
<tr> <tr>
<td>RC4</td> <td>RC4</td>
@ -32,7 +30,6 @@
<td>Avoid</td> <td>Avoid</td>
<td>AES</td> <td>AES</td>
<td>&mdash;</td> <td>&mdash;</td>
<td>&mdash;</td>
</tr> </tr>
<tr> <tr>
<td> <td>
@ -45,7 +42,7 @@
</td> </td>
<td> <td>
<p>Acceptable</p> <p>Acceptable</p>
<p>NGE</a></p> <p>NGE</p>
</td> </td>
<td> <td>
<p>AES-GCM</p> <p>AES-GCM</p>
@ -55,10 +52,6 @@
<p>✓ (256-bit)</p> <p>✓ (256-bit)</p>
<p>✓ (256-bit)</p> <p>✓ (256-bit)</p>
</td> </td>
<td>
<p>&mdash;</p>
<p>&mdash;</p>
</td>
</tr> </tr>
<tr> <tr>
<td> <td>
@ -82,11 +75,6 @@ DSA-3072</td>
<p>&mdash;</p> <p>&mdash;</p>
<p>&mdash;</p> <p>&mdash;</p>
</td> </td>
<td>
<p>&mdash;</p>
<p>&mdash;</p>
<p>&mdash;</p>
</td>
</tr> </tr>
<tr> <tr>
<td> <td>
@ -110,11 +98,6 @@ ECDSA-256</td>
<p>&mdash;</p> <p>&mdash;</p>
<p>&mdash;</p> <p>&mdash;</p>
</td> </td>
<td>
<p>&mdash;</p>
<p>&mdash;</p>
<p>&mdash;</p>
</td>
</tr> </tr>
<tr> <tr>
<td> <td>
@ -137,11 +120,6 @@ ECDSA-256</td>
<p>&mdash;</p> <p>&mdash;</p>
<p>&mdash;</p> <p>&mdash;</p>
</td> </td>
<td>
<p>&mdash;</p>
<p>&mdash;</p>
<p>&mdash;</p>
</td>
</tr> </tr>
<tr> <tr>
<td>MD5</td> <td>MD5</td>
@ -149,7 +127,6 @@ ECDSA-256</td>
<td>Avoid</td> <td>Avoid</td>
<td>SHA-256</td> <td>SHA-256</td>
<td>&mdash;</td> <td>&mdash;</td>
<td>&mdash;</td>
</tr> </tr>
<tr> <tr>
<td> <td>
@ -165,9 +142,6 @@ ECDSA-256</td>
<p>SHA-256</p> <p>SHA-256</p>
</td> </td>
<td>&mdash;</td> <td>&mdash;</td>
<td>
<p>&mdash;</p>
</td>
</tr> </tr>
<tr> <tr>
<td> <td>
@ -191,11 +165,6 @@ ECDSA-256</td>
<p></p> <p></p>
<p></p> <p></p>
</td> </td>
<td>
<p>&mdash;</p>
<p>&mdash;</p>
<p>&mdash;</p>
</td>
</tr> </tr>
<tr> <tr>
<td>HMAC-MD5</td> <td>HMAC-MD5</td>
@ -203,7 +172,6 @@ ECDSA-256</td>
<td>Legacy</td> <td>Legacy</td>
<td>HMAC-SHA-256</td> <td>HMAC-SHA-256</td>
<td>&mdash;</td> <td>&mdash;</td>
<td>Short key lifetime</td>
</tr> </tr>
<tr> <tr>
<td>HMAC-SHA-1</td> <td>HMAC-SHA-1</td>
@ -211,7 +179,6 @@ ECDSA-256</td>
<td>Acceptable</td> <td>Acceptable</td>
<td>HMAC-SHA-256</td> <td>HMAC-SHA-256</td>
<td>&mdash;</td> <td>&mdash;</td>
<td>&mdash;</td>
</tr> </tr>
<tr> <tr>
<td>HMAC-SHA-256</td> <td>HMAC-SHA-256</td>
@ -219,7 +186,6 @@ ECDSA-256</td>
<td>NGE</td> <td>NGE</td>
<td>&mdash;</td> <td>&mdash;</td>
<td></td> <td></td>
<td>&mdash;</td>
</tr> </tr>
<tr> <tr>
<td> <td>
@ -239,10 +205,6 @@ ECDSA-384</td>
<p>&mdash;</p> <p>&mdash;</p>
<p>&mdash;</p> <p>&mdash;</p>
</td> </td>
<td>
<p>&mdash;</p>
<p>&mdash;</p>
</td>
</tr> </tr>
<tr> <tr>
<td> <td>
@ -263,13 +225,9 @@ ECDSA-384</td>
<p>&mdash;</p> <p>&mdash;</p>
<p>&mdash;</p> <p>&mdash;</p>
</td> </td>
<td>
<p>&mdash;</p>
<p>&mdash;</p>
</td>
</tr> </tr>
<tr> <tr>
<td colspan="6"><a name="ftn1"></a> <td colspan="5"><a name="ftn1"></a>
<p>1. QCR = quantum computer resistant.</p> <p>1. QCR = quantum computer resistant.</p>
<a name="ftn2"></a> <a name="ftn2"></a>
<p>2. NGE = next generation encryption.</p> <p>2. NGE = next generation encryption.</p>
@ -278,6 +236,7 @@ ECDSA-384</td>
</tbody> </tbody>
</table> </table>
- Avoid: Algorithms that are marked as Avoid do not provide adequate security against modern threats and should not be used to protect sensitive information. It is recommended that these algorithms be replaced with stronger algorithms. - Avoid: Algorithms that are marked as Avoid do not provide adequate security against modern threats and should not be used to protect sensitive information. It is recommended that these algorithms be replaced with stronger algorithms.
- Legacy: Legacy algorithms provide a marginal but acceptable security level. They should be used only when no better alternatives are available, such as when interoperating with legacy equipment. It is recommended that these legacy algorithms be phased out and replaced with stronger algorithms. - Legacy: Legacy algorithms provide a marginal but acceptable security level. They should be used only when no better alternatives are available, such as when interoperating with legacy equipment. It is recommended that these legacy algorithms be phased out and replaced with stronger algorithms.