ENISA Recommendation for Crypto processes

Juergen Polster jurgenpolster at gmail.com
Fri Nov 15 21:31:53 CET 2013

Heise security news published an article "ENISA-Empfehlungen zu
Krypto-Verfahren" (ENISA Recommendation for Crypto processes). The
article is in German and can be found at
http://heise.de/-2043356. It holds a summary of the latest
recommendations of ENISA, the European Union Agency for Network and
Information Security (http://www.enisa.europa.eu/).

For those not reading German the "summary" of the summary report is:

Symmetric 80 bit keys are accepted for transaction data and existing
systems to be replaced in the next 5-10 years. Symmetric keys of 128
bit are OK for mid-term and 256 bit for long-term use.

* Cryptographic Primitives *
Block Cipher -> AES 128, long-term AES 256 bit
Hash Function -> SHA-256, long-term SHA-512 (Camellia, SHA-3 and
Whirlpool are discussed)
Stream Ciphers -> Rabbit + Snow 3G (RC4 to be removed)

* Public Keys *
Elliptic Curve Cryptography is recommended: Transactions -> 160 bit,
mid-term storage -> 256 bit, long-term storage -> 512 bit
RSA still can be used, recommendations are: legacy systems only -> key
size smaller than 3072, mid-term storage -> minimum 3072 (!), long-term
storage -> 15360 (corresponds to 256 bit key symmetric encryption)

* Protocols *
Some detailed recommendations are made for protocols such as TLS
(Camellia_128_GCM_SHA256, AES_128_GCM_SHA256), SSH (inter alia
aes128-ctr with hmac-sha2-256), Kerberos and IPSEC.

The original ENISA article "Recommended cryptographic measures -
Securing personal data" is available under 

<flame on>

Regards Juergen Polster

PS: I am sending this twice as it seems that the first one did not make it. In case it arrives twice, I apologize in advance :-)
