Use of Cryptography

Compliant Kubernetes recommends the ECRYPT-CSA "near term use". The key cryptographic parameters are listed below.

Recommended Strengths

Cryptographic Structure	Size
Symmetric	128
Factoring Modulus	3072
Discrete Logarithm	256/3072
Elliptic Group	256
Hash	256

Recommended Algorithms

Function	Algorithm
Block Ciphers	AES Camellia Serpent
Hash Functions	SHA-2 (256, 384, 512, 512/256) SHA-3 (256, 384, 512, SHAKE128, SHAKE256) Whirlpool (512) BLAKE (256, 584, 512)
Public Key Primitive	RSA (>3072) DSA (>256/3072) ECDSA (>256)

Recommended Implementation

Ubuntu 22.04 already generates SSH and GPG keys conforming to this recommendation, as evidenced below:

$ ssh-keygen
Generating public/private rsa key pair.
[...]
+---[RSA 3072]----+
|           o+.=++|
|           +o..= |
|        = =...o  |
|       O @.    o |
|      . S +.  . .|
|       + B  .. .E|
|      . O o ..o  |
|       o + +o... |
|          +oo=o  |
+----[SHA256]-----+
$ gpg --generate-key
gpg (GnuPG) 2.2.27; Copyright (C) 2021 Free Software Foundation, Inc.
[...]
pub   rsa3072 2023-03-24 [SC] [expires: 2025-03-23]
      41E32D8838ADA81B4D57333E79797753D349F087
uid                      Cristian Klein <cristian.klein@example.com>
sub   rsa3072 2023-03-24 [E] [expires: 2025-03-23]

Notes on HTTPS Traffic

For HTTPS traffic, Compliant Kubernetes allows either TLS 1.2 or TLS 1.3. TLS 1.3 mandates forward secrecy. TLS 1.2 makes forward secrecy optional, however, the default cipher list in Compliant Kubernetes prioritizes algorithms that provide perfect forward secrecy. In brief, you can rely on forward secrecy with most browsers in use today.

Forward secrecy addresses the "store now, decrypt later" attack. In essence, an attacker cannot decrypt past HTTPS transmissions even if the TLS certificate (private key) is compromised.

Compliant Kubernetes uses RSA 2048 when provisioning HTTPS certificates, which is lower than the present recommendation. However, these certificates have a short expiration time of 3 months. Hence, with short certificate expiration time and forward secrecy, usage of RSA 2048 for HTTPS certificates does not add a security risk.

We recommend you to regularly run the Qualys SSL Server Test against the application HTTPS endpoints to make sure encrypted-in-transit sufficiently protects your data. At the time of this writing, Compliant Kubernetes receives A+ overall rating.

Further Reading

• ECRYPT–CSA D5.4 Algorithms, Key Size and Protocols Report (2018)
• BlueCrypt Cryptographic Key Length Recommendation
• Ingress Nginx SSL Ciphers
• Mozilla SSL recommendations
• Forward secrecy