# Use of Cryptography

Welkin follows the ECRYPT-CSA "near term use" recommendations. The key cryptographic parameters are listed below.
## Recommended Strengths

| Cryptographic Structure | Size (bits) |
|---|---|
| Symmetric | 128 |
| Factoring Modulus | 3072 |
| Discrete Logarithm | 256/3072 |
| Elliptic Group | 256 |
| Hash | 256 |
## Recommended Algorithms

| Function | Algorithm |
|---|---|
| Block Ciphers | AES, Camellia, Serpent |
| Hash Functions | SHA-2 (256, 384, 512, 512/256), SHA-3 (256, 384, 512, SHAKE128, SHAKE256), Whirlpool (512), BLAKE (256, 384, 512) |
| Public Key Primitive | RSA (≥ 3072), DSA (≥ 256/3072), ECDSA (≥ 256) |
## Recommended Implementation
Ubuntu 22.04 already generates SSH and GPG keys conforming to this recommendation, as evidenced below:
```
$ ssh-keygen
Generating public/private rsa key pair.
[...]
+---[RSA 3072]----+
| o+.=++|
| +o..= |
| = =...o |
| O @. o |
| . S +. . .|
| + B .. .E|
| . O o ..o |
| o + +o... |
| +oo=o |
+----[SHA256]-----+
```

```
$ gpg --generate-key
gpg (GnuPG) 2.2.27; Copyright (C) 2021 Free Software Foundation, Inc.
[...]
pub   rsa3072 2023-03-24 [SC] [expires: 2025-03-23]
      41E32D8838ADA81B4D57333E79797753D349F087
uid                      Cristian Klein <cristian.klein@example.com>
sub   rsa3072 2023-03-24 [E] [expires: 2025-03-23]
```
## Notes on HTTPS Traffic

For HTTPS traffic, Welkin allows either TLS 1.2 or TLS 1.3. TLS 1.3 mandates forward secrecy. TLS 1.2 makes forward secrecy optional; however, the default cipher list in Welkin prioritizes cipher suites that provide perfect forward secrecy. In brief, you can rely on forward secrecy with most browsers in use today.
Forward secrecy addresses the "store now, decrypt later" attack. In essence, an attacker cannot decrypt past HTTPS transmissions even if the TLS certificate (private key) is compromised.
Welkin uses RSA 2048 when provisioning HTTPS certificates, which is below the present recommendation. However, these certificates have a short lifetime of 3 months. Hence, given the short certificate lifetime and forward secrecy, using RSA 2048 for HTTPS certificates does not add a security risk.

We recommend that you regularly run the Qualys SSL Server Test against your application's HTTPS endpoints to make sure encryption in transit sufficiently protects your data. At the time of this writing, Welkin receives an A+ overall rating.
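The policy above (TLS 1.2 or 1.3 only, forward secrecy, the strength table, and the RSA 2048 exception for short-lived certificates) expressed as a small checker you can run locally to complement the Qualys test. This is an added example, not Welkin's own tooling; it assumes the observation fields are filled from Python's `ssl.SSLSocket.version()` and `.cipher()` plus the parsed leaf certificate, and that cipher suite names follow OpenSSL/IANA conventions.

```python
import re
from dataclasses import dataclass

# Minimum strengths from the "Recommended Strengths" table (ECRYPT-CSA near term).
MIN_STRENGTH = {"symmetric": 128, "rsa": 3072, "ec": 256}
# RSA 2048 is tolerated for certificates living at most ~3 months (assumed 93 days here).
SHORT_LIVED_CERT_DAYS = 93
ALLOWED_VERSIONS = ("TLSv1.2", "TLSv1.3")

@dataclass
class TlsObservation:
    version: str          # as returned by ssl.SSLSocket.version(), e.g. "TLSv1.3"
    cipher: str           # suite name from ssl.SSLSocket.cipher()[0]
    key_type: str         # "rsa" or "ec": type of the certificate's public key
    key_bits: int         # size of that key in bits
    cert_lifetime_days: int  # notAfter - notBefore of the leaf certificate, in days

def has_forward_secrecy(version: str, cipher: str) -> bool:
    # TLS 1.3 only defines (EC)DHE key exchange; in TLS 1.2 the suite name tells.
    return version == "TLSv1.3" or cipher.startswith(("ECDHE-", "DHE-"))

def symmetric_bits(cipher: str) -> int:
    # Key size of the bulk cipher: "AES128"/"AES_128" style names, or ChaCha20 (256-bit).
    match = re.search(r"AES[_-]?(\d{3})", cipher)
    if match:
        return int(match.group(1))
    return 256 if "CHACHA20" in cipher else 0  # 0: unknown cipher, fails the check

def evaluate(obs: TlsObservation) -> list[str]:
    # Return a list of findings; an empty list means the observation passes the policy.
    findings = []
    if obs.version not in ALLOWED_VERSIONS:
        findings.append(f"{obs.version} is not allowed (TLS 1.2 or 1.3 required)")
    pfs = has_forward_secrecy(obs.version, obs.cipher)
    if not pfs:
        findings.append(f"{obs.cipher} does not provide forward secrecy")
    if symmetric_bits(obs.cipher) < MIN_STRENGTH["symmetric"]:
        findings.append(f"{obs.cipher} is below {MIN_STRENGTH['symmetric']}-bit symmetric strength")
    if obs.key_type == "rsa" and obs.key_bits < MIN_STRENGTH["rsa"]:
        # RSA 2048 is accepted only together with forward secrecy and a short-lived certificate.
        exception = obs.key_bits >= 2048 and pfs and obs.cert_lifetime_days <= SHORT_LIVED_CERT_DAYS
        if not exception:
            findings.append(f"RSA {obs.key_bits} key is below {MIN_STRENGTH['rsa']} and "
                            "not covered by the short-lived certificate exception")
    elif obs.key_type == "ec" and obs.key_bits < MIN_STRENGTH["ec"]:
        findings.append(f"EC {obs.key_bits} key is below {MIN_STRENGTH['ec']}")
    return findings
```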