Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1027
Views
0
Helpful
0
Replies

Issues in NGE document

boldt
Level 1
Level 1

‎02-13-2018 03:50 PM - edited ‎03-10-2019 12:58 AM

I read your Next Generation Encryption (version October 2015) document.

 

a) "Table 1: Recommendations for Cryptographic Algorithms" recommends the following Cryptographic Algorithmswith status NGE:

 

  • ​​Authenticated encryption: AES-GCM mode

  • Integrity: SHA-256 / SHA-384 / SHA-512

  • Key exchange: ECDH-384

  • Authentication: ECDSA-384

     

Issue 1: The table 1 does not recommend an AES key length. Based on the rest of the document, it should be AES-128-CBC and AES-128-GCM

Issue 2: Mention the IKE Groups already in the Algorithm column. E.g., "DH-3072 (Group 15)" and IKE Groups 19 and 20 for ECDH-256 and ECDH-384. Group 15 is mentioned just once n the "Alterantive" column.

 

b) Section "Categories of Cryptographic Algorithms", NGE recommends:


Symmetric Key:

  • AES with 128-bit keys provides adequate protection for sensitive information.

  • AES with 256-bit keys is required to protect classified information of higher importance.

Elliptic Curve:

  • ECDH and ECDSA using 256-bit prime modulus secure elliptic curves provide adequate protection for sensitive information.
  • ECDH and ECDSA over 384-bit prime modulus secure elliptic curves are required to protect classified information of higher importance.

Hash:

  • SHA-256 provides adequate protection for sensitive information.
  • SHA-384 is required to protect classified information of higher importance.

Public Key:

  • DH, DSA, and RSA can be used with a 3072-bit modulus to protect sensitive information.

Issue 3: How about classified information of higher importance? Probably it is 4096 bit, since you recommend the usage of "IKE Group 16" in the VPN example later.

Issue 4:

  • Option 1) I expect the smallest "acceptabe" algorithm in table 1, e.g., DH-2048, RSA-2048 and DSA-2048
  • Option 2) The 2048-bit versions must be legacy in table 1.

 

c) Following the "Appendix A: Minimum Cryptography Recommendations":

  • Encryption: AES-128-CBC mode
  • Authentication RSA-3072, DSA-3072
  • Integrity: SHA-256
  • Key exchange: DH Group 15 (3072-bit)

Issue 5: Please write "DH-3072 (Group 15)" instead of "DH Group 15" to be consistent with table 1.

Issue 6: I miss an EC recommendation, which is provided in table 1.

Issue 7: This appendix contradicts with table 1. I would excpect the smallest acceptable algorithms/NGE in table 1 to be the "Recommended Minimum Security Algorithms":

  • AES-CBC is the smalles algorithm in table 1 ✔
  • RSA-3072, DSA-3072 are not the smallest algorithms in table 1 (see Issue 4) ✘
  • SHA-256 is the samllest acceptable/NGE table 1 ✔
  • DH Group 15 (3072-bit) is not the smallest algorithms in table 1 (see Issue 4) ✘

d) Conclusion:

The status for DH-2048, RSA-2048, DSA-2048 must be Legacy, or all minimum required DLOG sizes must be 2048 bit instead of 3072 bit.

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents