It’s past time to plan the abandonment of legacy crypto, warns the European Union Agency for Network and Information Security (ENISA) in a new 96-page study providing recommendations for crypto designers that also says most protocols are hard to install in a secure fashion.
The good news, however: behind the huge amount of detail that you’d have to work through if you were actually implementing crypto, ENISA says (PDF) there are only two decisions that have to be made at the high level:
1 – Is the legacy system you’re already using fit for purpose, in terms of its crypto primitive, scheme, protocol and key size? If the answer is no, ENISA makes a strong recommendation that the system be updated “as a matter of urgency”.
2 – Is the primitive, scheme, protocol or key size you’re looking at suitable for new deployments?
The second case, ENISA writes, depends on characteristics like proofs of security, key sizes of 128 bits of symmetric security or better, are well-studied and without structural weaknesses, are standardised, and have a reasonable existing installed base.
Most Commented Posts
2020 Cybersecurity Landscape: 100+ Experts’ Predictions
Cyber Security Predictions 2021: Experts’ Responses
Experts’ Responses: Cyber Security Predictions 2023
Celebrating Data Privacy Day – 28th January 2023
Data Privacy Protection Day (Thursday 28th) – Experts Comments
Most Active Commenters
Meta’s fine over data privacy breaches underscores the critical challenges…
Hi, Thanks, that is really useful information. I do have…
“This is a very worrying attack that hit T-Mobile and…
“This latest cyberattack against T-Mobile may be smaller than previous…
“Genesis Market is a complex global criminal access marketplace. Buyers…