rspec/rules/S4426/common/fix/fix.adoc

As a rule of thumb, use the cryptographic algorithms and mechanisms that are
considered strong by the cryptographic community.

The appropriate choices are the following.

==== RSA (Rivest-Shamir-Adleman) and DSA (Digital Signature Algorithm)

The security of these algorithms depends on the difficulty of attacks
attempting to solve their underlying mathematical problem.

In general, a minimum key size of *2048* bits is recommended for both.

==== AES (Advanced Encryption Standard)

AES supports three key sizes: 128 bits, 192 bits and 256 bits. The security of
the AES algorithm is based on the computational complexity of trying all
possible keys. +
A larger key size increases the number of possible keys and makes exhaustive
search attacks computationally infeasible. Therefore, a 256-bit key provides a
higher level of security than a 128-bit or 192-bit key.

Currently, a minimum key size of *128 bits* is recommended for AES.

==== Elliptic Curve Cryptography (ECC)

Elliptic curve cryptography is also used in various algorithms, such as ECDSA,
ECDH, or ECMQV. The length of keys generated with elliptic curve algorithms are mentioned
directly in their names. For example, `secp256k1` generates a 256-bits long
private key.

Currently, a minimum key size of *224 bits* is recommended for EC algorithms.
Modify S4426: Learn-As-You-Code Migration (#2166) ## Review A dedicated reviewer checked the rule description successfully for: - [x] logical errors and incorrect information - [x] information gaps and missing content - [x] text style and tone - [x] PR summary and labels follow [the guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule) --------- Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com> 2023-06-20 12:08:25 +02:00			`As a rule of thumb, use the cryptographic algorithms and mechanisms that are`
			`considered strong by the cryptographic community.`

			`The appropriate choices are the following.`

			`==== RSA (Rivest-Shamir-Adleman) and DSA (Digital Signature Algorithm)`

			`The security of these algorithms depends on the difficulty of attacks`
			`attempting to solve their underlying mathematical problem.`

			`In general, a minimum key size of 2048 bits is recommended for both.`

			`==== AES (Advanced Encryption Standard)`

			`AES supports three key sizes: 128 bits, 192 bits and 256 bits. The security of`
			`the AES algorithm is based on the computational complexity of trying all`
			`possible keys. +`
			`A larger key size increases the number of possible keys and makes exhaustive`
			`search attacks computationally infeasible. Therefore, a 256-bit key provides a`
			`higher level of security than a 128-bit or 192-bit key.`

			`Currently, a minimum key size of 128 bits is recommended for AES.`

			`==== Elliptic Curve Cryptography (ECC)`

			`Elliptic curve cryptography is also used in various algorithms, such as ECDSA,`
			`ECDH, or ECMQV. The length of keys generated with elliptic curve algorithms are mentioned`
			directly in their names. For example, `secp256k1` generates a 256-bits long
			`private key.`

			`Currently, a minimum key size of 224 bits is recommended for EC algorithms.`