2013.10.24

[uclinux-h8/uClinux-dist.git] / freeswan / klips / doc / klipsNGreq / requirements / 019 / requirement019.tex

\subsection{019: secure ciphers and hashes}

\subsubsection{019: Definition of requirement }

The project will use only ciphers and hashes which are known to be secure.
The definition of secure used includes: that the algorithm has sustained a reasonable
length of analysis, that it can not be brute forced with current technology
in less than a decade, and that there are no covert channels.

\subsubsection{019: response}

Use of MD5, SHA1 as hashes and 3DES for cipher is currently used.
This will be maintained.

1DES is considered insecure and will not be added.
RC4 is considered insecure and will not be added.

The project will only add new algorithms after extensive discussion.
AES is currently under discussion, but is not scheduled to be added at this
time.