Heise security news published an article "ENISA-Empfehlungen zu Krypto-Verfahren" (ENISA Recommendation for Crypto processes). The article is in German language and can be found under http://heise.de/-2043356. It holds a summary of the latest recommendations of ENISA, the European Union Agency for Network and Information Security (http://www.enisa.europa.eu/).
For those not reading German the "summary" of the summary report is: Symmetric 80 bit keys are accepted for transaction data and existing systems to be replaced in the next 5 -10 years. Symmetric keys of 128 bit are OK for mid-term and 256 bit for long-term use. * Cryptographic Primitives * Block Cipher -> AES 128, long-term AES 256 bit Hash Function -> SHA-256, long-term SHA-512 (Camellia, SHA-3 and Whirlpool are discussed) Stream Ciphers -> Rabbit + Snow 3G (RC4 to be removed) * Public Keys* Elliptic Curve Cryptography is recommended: Transactions -> 160 bit, mid-term storage -> 256 bit, long-term storage -> 512 bit RSA still can be used, recommendations are: legacy systems only -> key size smaller than 3072, mid-term storage -> minimum 3072 (!), long-term storage -> 15360 (corresponds to 256 bit key symmetric encryption) * Protocols * Some detailed recommendations are made for protocols as TLS (Camellia_128_GCM_SHA256, AES_128_GCM_SHA256), SSH (inter alia aes128-ctr with hmac-sha2-256) Kerberos and IPSEC. The original ENISA article "Recommended cryptographic measures - Securing personal data" is available under http://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/algorithms-key-sizes-and-parameters-report. <flame on> Regards Juergen Polster 0xA3FCFD07 PS: I send this twice as it seems that the first one did not make it. In case it comes double I already apologize :-) _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
