Summary

The asymmetric encryption mechanism must use a minimum key size of 2048 bits.

Description

The key size in asymmetric encryption is directly correlated with the strength of the encryption. Larger key sizes provide a higher level of security because they increase the complexity of the mathematical problem that an attack is intended to solve and break the encryption.

References

• CAPEC-20. Encryption brute forcing
• HIPAA-164_312_a_2_iv. Encryption and decryption (addressable)
• HITRUST-10_g. Key management
• ISO27002-8_24. Use of cryptography
• IEC62443-DC-4_3. Use of cryptography
• ISSAF-E_21. Network security - Switch security assessment (VLAN reconfiguration)
• ISSAF-F_5_3. Network security - Router security assessment (protect passwords)
• ISSAF-H_14_17. Network security - Intrusion detection (detection engine)
• BSAFSS-EN_2-4. Avoid weak encryption
• ASVS-6_2_5. Algorithms
• SIG-D_6_13. Asset and information management
• ASVS-6_2_1. Algorithms
• ASVS-6_2_7. Algorithms
• ISO27001-8_24. Use of cryptography
• CASA-6_2_1. Algorithms
• CASA-6_2_5. Algorithms
• CASA-6_2_7. Algorithms
• OWASPMASVS-CRYPTO-1. The app employs current strong cryptography and uses it according to industry best practices

Weaknesses

• 016. Insecure encryption algorithm - SSL/TLS
• 052. Insecure encryption algorithm
• 092. Insecure encryption algorithm - Anonymous cipher suites
• 094. Insecure encryption algorithm - Cipher Block Chaining
• 133. Insecure encryption algorithm - Perfect Forward Secrecy
• 261. Insecure encryption algorithm - DSA
• 262. Insecure encryption algorithm - SHA1
• 263. Insecure encryption algorithm - MD5
• 264. Insecure encryption algorithm - TripleDES
• 265. Insecure encryption algorithm - AES
• 269. Insecure encryption algorithm - Blowfish
• 282. Insecure encryption algorithm - ECB
• 421. Insecure encryption algorithm - Insecure Elliptic Curve