Cryptographic algorithms have been around for a while and are being used in more applications every day. The presence of a cryptographic function within any system gives users and operators a sense of increased security and privacy, and while that’s true for some cases, it’s not a valid assumption for all cryptographic algorithms. Like all other technical security measures, cryptographic algorithms change, they get old, they can be broken and sometimes they simply can’t keep up with the advances in technology. Not every cryptographic algorithm is a secure one, and even for the ones considered secure, not all operation modes are secure by default.
In this page, we will present a set of recommendations concerning various popular cryptographic algorithms and their operation modes. These recommendations are based on the current best practices and will be updated as needed.
This document doesn’t go into details about the different cryptographic algorithms, basic concepts related to cryptography or other related topics if you need to learn more about that you can check the links at the end of this page for a starting point. The rest of this document assumes the reader understands the different terms and is aware of the implementation details for various algorithms.
|Avoid||DH-3072 (Group 15)
|HMAC-MD5||Message Authentication Codes||Legacy||HMAC-SHA-256|
|HMAC-SHA-1||Message Authentication Codes||Acceptable||HMAC-SHA-256|
|HMAC-SHA-256||Message Authentication Codes||Acceptable|
1. Secure Hash Standard (SHS)
2. Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths
3. Recommendation for Block Cipher Modes of Operation
4. Lifetimes of cryptographic hash functions
5. Cryptographic Key Length Recommendation
6. Comparative Study Of AES, Blowfish, CAST-128 And DES Encryption Algorithm
7. Next Generation Encryption | Cisco