Summary

Use hash functions with a minimum size of 256 bits.

Description

Systems must use hash functions with a minimum size of 256 bits because it is important for achieving a high level of security and resistance against various cryptographic attacks. It provides a robust foundation for cryptographic protocols and password hashing implementations.

References

• CAPEC-20. Encryption brute forcing
• IEC62443-DC-4_3. Use of cryptography
• OSSTMM3-11_7_4. Data networks security (controls verification) - Integrity
• ISSAF-E_21. Network security - Switch security assessment (VLAN reconfiguration)
• ISSAF-F_5_3. Network security - Router security assessment (protect passwords)
• ISSAF-H_14_17. Network security - Intrusion detection (detection engine)
• ISSAF-Q_16_10. Host security - Windows security (SMB attacks)
• ASVS-2_4_1. Credential storage
• ASVS-6_2_5. Algorithms
• PCI-3_5_1. Primary account number (PAN) is secured wherever it is stored
• CWE-328. Use of weak hash
• CWE-522. Insufficiently protected credentials
• ASVS-6_2_1. Algorithms
• ASVS-6_2_7. Algorithms
• CASA-2_4_1. Credential Storage
• CASA-6_2_5. Algorithms
• CASA-6_2_7. Algorithms

Weaknesses

• 016. Insecure encryption algorithm - SSL/TLS
• 051. Cracked weak credentials
• 052. Insecure encryption algorithm
• 092. Insecure encryption algorithm - Anonymous cipher suites
• 094. Insecure encryption algorithm - Cipher Block Chaining
• 133. Insecure encryption algorithm - Perfect Forward Secrecy
• 261. Insecure encryption algorithm - DSA
• 262. Insecure encryption algorithm - SHA1
• 263. Insecure encryption algorithm - MD5
• 264. Insecure encryption algorithm - TripleDES
• 265. Insecure encryption algorithm - AES
• 269. Insecure encryption algorithm - Blowfish
• 282. Insecure encryption algorithm - ECB
• 421. Insecure encryption algorithm - Insecure Elliptic Curve