Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Better defaults #954

Open
4 of 10 tasks
maraino opened this issue Jun 6, 2023 · 0 comments
Open
4 of 10 tasks

Better defaults #954

maraino opened this issue Jun 6, 2023 · 0 comments
Labels
enhancement needs triage Waiting for discussion / prioritization by team

Comments

@maraino
Copy link
Collaborator

maraino commented Jun 6, 2023
edited

Description

This issue describes changes on the new defaults:

  • Default signing algorithm: ECDSA-P256
  • Default hash algorithm: SHA256
  • Default PBKDF-2 iterations: 600000
  • Default asymmetric encryption algorithm: RSA-OAEP+SHA256
  • Default symmetric encryption algorithm (PKCS#7, PKCS#12): AES256-GCM - ideally ChaCha20-Poly1305
  • Default size for an RSA Key: 3072
  • Default signing algorithm with an RSA key: RSA-PSS+SHA256
  • Default format: PKCS#8
  • Default TLS version: TLS-1.3 (min TLS-1.2)
  • Default KDF: Argon2id, (PBKDF2 for FIPS-140)

CC: @hslatman @dopey @mmalone
@maraino maraino added enhancement needs triage Waiting for discussion / prioritization by team labels Jun 6, 2023
@maraino maraino changed the title Better key defaults Better defaults Jun 6, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement needs triage Waiting for discussion / prioritization by team
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@maraino