Go-SCP icon indicating copy to clipboard operation
Go-SCP copied to clipboard
verified publisher icon OWASP

Incorrect Cryptography recommendations

Open lojikil opened this issue 5 years ago • 1 comments

In the Cryptography Practices section we say the following:

MD5 is the most popular hashing algorithm, but securitywise BLAKE2 is considered the strongest and most flexible.

and

To fight back, the hashing function should be inherently slow, using at least 10,000 iterations.

MD5 is deprecated and insecure; we should never list it as a compliant sample. Additionally, iterated hashing is incorrect, and. we should recommend key stretching or some other mechanism for handling these scenarios. Lastly, there are no mentions of HMACs, which are the correct solution to authentication issues.

I can help massage these sections with some input from our cryptographers.

Additionally, we say:

Please not that slowness is something desired on a cryptographic hashing algorithm.

Which should be "Please note..."

lojikil avatar Sep 21 '20 14:09 lojikil

Hello @lojikil, Any short-term plan from your side to open a Pull Request with your suggestions?

Cheers, Paulo A. Silva

PauloASilva avatar Apr 13 '21 09:04 PauloASilva