rspec/rules/S4426/description.adoc

Most of cryptographic systems require a sufficient key size to be robust against brute-force attacks.
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf[NIST recommendations] will be checked for these use-cases:

*Digital Signature Generation* and *Verification:* 

* p ≥ 2048 AND q ≥ 224 for DSA (`+p+` is key length and `+q+` the modulus length)
* n ≥ 2048 for  RSA (`+n+` is the key length)

*Key Agreement*: 

* p ≥ 2048 AND q ≥ 224 for DH and MQV
* n ≥ 224 for ECDH and ECMQV  (Examples: `+secp192r1+` is a non-compliant curve (`+n+` < 224) but `+secp224k1+` is compliant (`+n+` >= 224))

*Symmetric keys*: 

* key length ≥ 128 bits

This rule will not raise issues for ciphers that are considered weak (no matter the key size) like `+DES+`, `+Blowfish+`.
Add rules 4000-4999 2020-06-30 12:49:37 +02:00			`Most of cryptographic systems require a sufficient key size to be robust against brute-force attacks.`
			`https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf[NIST recommendations] will be checked for these use-cases:`

			`Digital Signature Generation and Verification:`
Fix code block ambiguity with old header style Ensure blank line before list and clean the one leading space 2020-06-30 14:49:38 +02:00
Add all rules, update all rules fixing the inline code syntax 2020-12-21 15:38:52 +01:00			* p ≥ 2048 AND q ≥ 224 for DSA (`+p+` is key length and `+q+` the modulus length)
			* n ≥ 2048 for RSA (`+n+` is the key length)
Add rules 4000-4999 2020-06-30 12:49:37 +02:00
			`Key Agreement:`
Fix code block ambiguity with old header style Ensure blank line before list and clean the one leading space 2020-06-30 14:49:38 +02:00
Add rules 4000-4999 2020-06-30 12:49:37 +02:00			`* p ≥ 2048 AND q ≥ 224 for DH and MQV`
Add all rules, update all rules fixing the inline code syntax 2020-12-21 15:38:52 +01:00			* n ≥ 224 for ECDH and ECMQV (Examples: `+secp192r1+` is a non-compliant curve (`+n+` < 224) but `+secp224k1+` is compliant (`+n+` >= 224))
Add rules 4000-4999 2020-06-30 12:49:37 +02:00
Add all rules, update all rules fixing the inline code syntax 2020-12-21 15:38:52 +01:00			`Symmetric keys:`
Fix code block ambiguity with old header style Ensure blank line before list and clean the one leading space 2020-06-30 14:49:38 +02:00
Add all rules, update all rules fixing the inline code syntax 2020-12-21 15:38:52 +01:00			`* key length ≥ 128 bits`
Add rules 4000-4999 2020-06-30 12:49:37 +02:00
Add all rules, update all rules fixing the inline code syntax 2020-12-21 15:38:52 +01:00			This rule will not raise issues for ciphers that are considered weak (no matter the key size) like `+DES+`, `+Blowfish+`.