Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Inconsistent requirements about number of bits of security #2595

Open
randomstuff opened this issue Feb 10, 2025 · 1 comment
Open

Inconsistent requirements about number of bits of security #2595

randomstuff opened this issue Feb 10, 2025 · 1 comment
Labels
1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V6 _5.0 - prep This needs to be addressed to prepare 5.0

Comments

@randomstuff
Copy link
Contributor

We have this requirement:

# Description Level CWE
6.2.9 [ADDED] Verify that all cryptographic primitives utilize a minimum of 128-bits of security based on the algorithm, key size, and configuration. For example, a 256-bit ECC key provides roughly 128 bits of security where RSA requires a 3072-bit key to achieve 128 bits of security. 1 311

At the same time, we have this wording in the appendix:

A security strength of 112 bits or above MUST be ensured for all Key Exchange schemes, and their implementation MUST follow the parameter choices in the next table.

Scheme Domain Parameters
RSA k >= 2048
Diffie-Hellman (DH) L >= 2048 & N >= 224
Elliptic Curve Diffie-Hellman (ECDH) f >= 224
@tghosth tghosth added 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet _5.0 - prep This needs to be addressed to prepare 5.0 V6 labels Feb 11, 2025
@tghosth
Copy link
Collaborator

tghosth commented Feb 11, 2025

@danielcuthbert @unprovable any thoughts on this?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
1) Discussion ongoing Issue is opened and assigned but no clear proposal yet V6 _5.0 - prep This needs to be addressed to prepare 5.0
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@randomstuff @tghosth