Security/Guidelines/Key Management: Difference between revisions

Automated sync from https://github.com/mozilla/wikimo_opsec
m (Gdestuynder moved page Security/Key Management to Security/Guidelines/Key Management: Reorg under the expected location)
(Automated sync from https://github.com/mozilla/wikimo_opsec)
Line 10: Line 10:
|-  
|-  
|  <span style="color:orange;">'''DRAFT'''</span> ||
|  <span style="color:orange;">'''DRAFT'''</span> ||
* Version 1.2: kang: Bump key requirements see also <https://www.nsa.gov/ia/programs/suiteb_cryptography/index.shtml>, rationale: historically when the NSA has such high requirements they're aware of significant weaknesses with lower requirements.
* Version 1.1: kang: migrated OpenSSH key handling to [[Security/Guidelines/OpenSSH]]
* Version 1.1: kang: migrated OpenSSH key handling to [[Security/Guidelines/OpenSSH]]
* Version 1: kang/ulfr: creation
* Version 1: kang/ulfr: creation
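Review bot: The Version 1.2 changelog entry says "Bump key requirements" without naming which requirements changed, and it states the NSA rationale as fact with nothing behind it but the Suite B link. Suggest listing the values that moved (the ECDSA, AES-GCM and SHA sizes in the 10 years table, the RSA and ECDSA sizes in the 2 years table) and wording the rationale as the authors' reasoning. The angle brackets around the URL are not wiki link syntax; a bare URL, as used in the "Bits of security" section, would be consistent.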
Line 26: Line 27:


= Algorithms by security levels =
= Algorithms by security levels =
This section organizes algorithms and key sizes for a given validity period that represent the level of security provided. While 10 years validity may be a requirement for very static keys, such as Root CAs, we do recommend preferring 2 years keys and implementing reliable key rotation, instead of trying to keep key material for long periods of time.
This section organizes algorithms and key sizes by rating (modern, intermediate, old) for a given validity period.
Regardless of the rating choosen, we do recommend prefering 2 years keys with a reliable key rotation instead of trying
to keep key material for long periods of time.
This allow for faster operational reaction time when new algorithm weaknesses are discovered.
 
== Modern - 10 years (default) ==
These may be used if expiring within 10 years and should be the default choice unless limited by technological factors
such as client/server support or performance.
 
Use of EC is favored over RSA for performances purposes.


== 10 years ==
{| class="wikitable"
{| class="wikitable"
|-
|-
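Review bot: The rewritten intro recommends "prefering 2 years keys", but the heading added just below it marks "Modern - 10 years" as "(default)", so the section now reads as having two defaults. Suggest stating explicitly that the rating (modern) is the default algorithm choice and that 2 years is the default validity, or dropping "(default)" from the heading. The removed paragraph also explained when 10 years validity is justified ("very static keys, such as Root CAs"); that guidance is worth keeping. Typos in the added lines: "choosen", "prefering", "This allow", "performances purposes".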
Line 35: Line 44:
| Asymmetric encryption || RSA 4096 bits || 144 bits
| Asymmetric encryption || RSA 4096 bits || 144 bits
|-
|-
| Asymmetric encryption || ECDSA 384 bits || 192 bits
| Asymmetric encryption || ECDSA 512 bits || 256 bits
|-
|-
| Symmetric encryption || AES-GCM 192 bits || 192 bits
| Symmetric encryption || AES-GCM 256 bits || 256 bits
|-  
|-  
| Hash & HMAC || SHA-384 || 192 bits
| Hash & HMAC || SHA-512 || 256 bits
|-
|-
| Hash & HMAC || SHA3-384 || 192 bits
| Hash & HMAC || SHA3-512 || 256 bits
|}
|}


== 2 years (default) ==
== Intermediate - 2 years ==
These maybe be used if expiring within 2 years or up to 2020 whichever comes first.
 
{| class="wikitable"
{| class="wikitable"
|-
|-
! Type !! Algorithm and key size !! Bits of security
! Type !! Algorithm and key size !! Bits of security
|-
|-
| Asymmetric keys || RSA 2048 bits || 112 bits
| Asymmetric keys || RSA 3072 bits || 128 bits
|-
|-
| Asymmetric keys || ECDSA 224 or 256 bits || 112 bits
| Asymmetric keys || ECDSA 256 bits || 128 bits
|-
|-
| Symmetric encryption || AES-CBC 128 bits || 128 bits
| Symmetric encryption || AES-CBC 128 bits || 128 bits
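Review bot: The new "ECDSA 512 bits" row in the Modern table names no curve, and the NIST curve at that level is P-521 rather than 512 bits; name the intended curve so readers can map it to a tool option. After this bump the unchanged "RSA 4096 bits || 144 bits" row sits next to rows rated at 256 bits, so the tier no longer describes one security level; say whether RSA 4096 is an accepted exception or should be removed. ECDSA is a signature scheme, so the "Asymmetric encryption" label on its rows is misleading; "Asymmetric keys", as in the Intermediate table, fits better. In the Intermediate intro, "maybe be" should read "may be", and "up to 2020 whichever comes first" needs a comma before "whichever".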
Line 60: Line 71:
|}
|}


== Legacy, not recommended ==
== Old - do not use ==
The following algorithms and sizes are still widely used but do not provide sufficient security for modern services and should be deprecated as soon as possible, unless backward compatibility is a strong requirement (even so, a deprecation planning should be setup).
The following algorithms and sizes are still widely used but do not provide sufficient security for modern services and should be deprecated as soon as possible.
 
{| class="wikitable"
{| class="wikitable"
|-
|-
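Review bot: The heading now says "do not use" while the sentence under it still says the algorithms "should be deprecated as soon as possible", which implies they remain in use for some time. The removed clause ("unless backward compatibility is a strong requirement (even so, a deprecation planning should be setup)") was the only guidance for services that cannot drop these algorithms immediately. Suggest either keeping a sentence that requires a documented deprecation plan for such services, or changing the body text to match the stricter heading.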
Line 72: Line 84:
| Symmetric encryption || 3DES || 112 bits
| Symmetric encryption || 3DES || 112 bits
|-
|-
| Symmetric encryption || RC4 ||  
| Symmetric encryption || RC4 ||
|-
|-
| Hash & HMAC || SHA-1 || 80 bits
| Hash & HMAC || SHA-1 || 80 bits
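Review bot: The RC4 row is touched here only for trailing whitespace and still leaves the "Bits of security" cell empty, unlike every other row in the table. Suggest filling the cell or putting an explicit marker in it so the empty value does not read as an omission.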
Line 119: Line 131:
File: ~/.gnupg/gpg.conf
File: ~/.gnupg/gpg.conf
<source>
<source>
personal-digest-preferences SHA512 SHA384 SHA256
personal-digest-preferences SHA512 SHA384
cert-digest-algo SHA256
cert-digest-algo SHA256
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
default-preference-list SHA512 SHA384 AES256 ZLIB BZIP2 ZIP Uncompressed
keyid-format 0xlong
keyid-format 0xlong
</source>
</source>
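Review bot: SHA256 is dropped from personal-digest-preferences and default-preference-list, but "cert-digest-algo SHA256" is left unchanged, so key certifications would still use the digest the other two lines no longer accept. Suggest raising cert-digest-algo to SHA512 in the same change, or explaining why certifications stay on SHA256. With AES192, AES and CAST5 removed, AES256 is the only cipher listed; the page should say what happens with correspondents whose software does not offer AES256.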
Line 128: Line 140:
== Bits of security ==
== Bits of security ==
Security Bits estimate the computational steps or operations (not machine instructions) required to solve a cryptographic problem (i.e. crack the key/hash).
Security Bits estimate the computational steps or operations (not machine instructions) required to solve a cryptographic problem (i.e. crack the key/hash).
Of course, these do not factor in weaknesses in the algorithms which would reduce the effective amount of security bits
and therefore is only used as an indicator of the width of the total (maximum) space to exhaust to ensuring finding the key.


For a more detailed definition, see http://en.wikipedia.org/wiki/Key_size and  http://www.cryptopp.com/wiki/Security_Level#Security_Bits.
For a more detailed definition, see http://en.wikipedia.org/wiki/Key_size, https://en.wikipedia.org/wiki/Secure_Hash_Algorithm and  http://www.cryptopp.com/wiki/Security_Level#Security_Bits.
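Review bot: The added sentence is ungrammatical at "and therefore is only used as an indicator" and "to exhaust to ensuring finding the key", which obscures the caveat it is meant to state. Suggest something like: "These figures do not account for weaknesses in the algorithms, which reduce the effective security bits; they only indicate the size of the total space that must be exhausted to be certain of finding the key." The link list mixes http and https; the Key_size and cryptopp links could use https like the newly added one.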