The Advanced Encryption Standard published in 2001 uses key sizes of 128, 192 or 256 bits. Many observers consider 128 bits sufficient for the foreseeable future for symmetric algorithms of AES's quality until quantum computers become available. However, as of 2015, the U.S. National Security Agency has issued guidance that it plans to switch to quantum computing resistant algorithms and now requires 256-bit AES keys for data classified up to Top Secret.
When creating the corresponding tests, use the following areas to guide you:
Insufficient Key Length
MASTG v1 Refactoring:
If the risk has a MASVS v1 ID, you can use it to search for related tests in the MASTG and use them as input to define your risks and associated tests.
Description
Create a new risk for "Weak Cryptographic Key Generation (MASVS-CRYPTO-2)" using the following information:
e.g. 1024-bit RSA keys, 128-bit AES keys*, 160-bit ECDSA keys, 80-bit symmetric keys
Note about 128-bit AES keys: See "Symmetric algorithm key lengths" in https://en.wikipedia.org/wiki/Key_size
Create "risks/MASVS-CRYPTO/2-***-****/weak-crypto-key-generation/risk.md" including the following content:
To complete the sections follow the guidelines from Writing MASTG Risks & Tests
Use at least the following references:
Acceptance Criteria
risks/MASVS-CRYPTO/2-***-****/weak-crypto-key-generation/risk.md