From 5d1e36f924b5f1a1b7852835d9e1802a7121c580 Mon Sep 17 00:00:00 2001 From: Tyler Perkins Date: Wed, 12 Jan 2022 00:45:01 -0500 Subject: [PATCH] Update for 12-01-22 00:45 --- tech/cia-do-dont.wiki | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/tech/cia-do-dont.wiki b/tech/cia-do-dont.wiki index ae6cb2b..3b67f40 100644 --- a/tech/cia-do-dont.wiki +++ b/tech/cia-do-dont.wiki @@ -67,3 +67,13 @@ This is the CIA list of dos and donts. * DONOT assume free versions of PSP is the same as retail PSP. Test on all versions in a sandbox * DO test PSPs with recently live internet connections when possible + +== Encryption == + +* Key exchange *must* be performed via Diffie-Hellman, Eliptic Curve + Diffie-Helmen, or RSA. + - ECDH, the prime must be 256 bits + - DH and RSA primes must be *at least* 2048 bits + - DH and ECDH is prefered for perfect forward security +* Authentication *must* be done with TLS 1.2, Elliptic curve DSA, DSA, or RSA + - Asymmetric keys *must* be at least 2048 bits (Elliptic curve, 256 bits)
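Review bot: in the new `== Encryption ==` hunk, the line "Authentication *must* be done with TLS 1.2, Elliptic curve DSA, DSA, or RSA" lists a protocol alongside signature algorithms; TLS 1.2 is the channel that negotiates those algorithms, not an authentication primitive, so split it into a transport requirement ("TLS 1.2 or later") and a signature requirement ("ECDSA, DSA or RSA, keys at least 2048 bits, curves at least 256 bits"). Two wording corrections in the same hunk: "perfect forward security" should be "perfect forward secrecy", and the reason DH/ECDH are preferred over RSA deserves one clause ("RSA key transport provides no forward secrecy") so readers do not treat the three key-exchange options as equivalent. The ECDH rule "the prime must be 256 bits" would be clearer as a curve requirement ("a 256-bit prime-field curve such as P-256"), since the policy should name the curve, not just the size of its field prime. The heading promises "Encryption" but the section only covers key exchange and authentication; either add the symmetric cipher and mode requirements or retitle it "Key exchange and authentication". Typos: "Eliptic Curve Diffie-Helmen" should read "Elliptic Curve Diffie-Hellman" and "prefered" should read "preferred".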