150 – Set minimum size for hash functions

Summary

Use hash functions with a minimum size of 256 bits.

Description

Systems must use hash functions with a minimum size of 256 bits because it is important for achieving a high level of security and resistance against various cryptographic attacks. It provides a robust foundation for cryptographic protocols and password hashing implementations.

Supported In

Essential: True

Advanced: True

References

• CAPEC-20. Encryption brute forcing
• IEC62443-DC-4_3. Use of cryptography
• OSSTMM3-11_7_4. Data networks security (controls verification) - Integrity
• ISSAF-E_21. Network security - Switch security assessment (VLAN reconfiguration)
• ISSAF-F_5_3. Network security - Router security assessment (protect passwords)
• ISSAF-H_14_17. Network security - Intrusion detection (detection engine)
• ISSAF-Q_16_10. Host security - Windows security (SMB attacks)
• ASVS-2_4_1. Credential storage
• ASVS-6_2_5. Algorithms
• PCI-3_5_1. Primary account number (PAN) is secured wherever it is stored
• CWE-328. Use of weak hash
• CWE-522. Insufficiently protected credentials
• ASVS-6_2_1. Algorithms
• ASVS-6_2_7. Algorithms
• CASA-2_4_1. Credential Storage
• CASA-6_2_5. Algorithms
• CASA-6_2_7. Algorithms

Weaknesses

• 133 – Insecure encryption algorithm - Perfect Forward Secrecy
• 261 – Insecure encryption algorithm - DSA
• 262 – Insecure encryption algorithm - SHA1
• 263 – Insecure encryption algorithm - MD5
• 264 – Insecure encryption algorithm - TripleDES
• 265 – Insecure encryption algorithm - AES
• 269 – Insecure encryption algorithm - Blowfish
• 282 – Insecure encryption algorithm - ECB
• 421 – Insecure encryption algorithm - Insecure Elliptic Curve
• 016 – Insecure encryption algorithm - SSL/TLS
• 051 – Cracked weak credentials
• 052 – Insecure encryption algorithm
• 092 – Insecure encryption algorithm - Anonymous cipher suites
• 094 – Insecure encryption algorithm - Cipher Block Chaining

Last updated

2024/01/18