OWASP / ASVS

Application Security Verification Standard
Creative Commons Attribution Share Alike 4.0 International

Expand the Cryptography Appendix for MAC, signatures, key derivation functions #2314

Open randomstuff opened 6 days ago

randomstuff commented 6 days ago

The crypto appendix currently provides guidance around suitable algorithms for:

The following things are not covered:

Should this appendix be expanded to cover these (and relevant requirements be included as well)?

danielcuthbert commented 6 days ago

Indeed this is needed, I'll add it to the roadmap. The good thing about moving all the deeper technical stuff into an appendix is that we aren't as constrained as we are with the main chapters, so this is much easier. I'll assign this to me for now.

danielcuthbert commented 2 days ago

Morning, spent last night adding this into a patch https://github.com/OWASP/ASVS/blob/dc_v6_patch3/5.0/en/0x97-Appendix-V_Cryptography.md

Does this match what you had in mind, @randomstuff?

randomstuff commented 2 days ago

In the KDF section, we might want to add the PRF used in TLS 1.2 (for compatibility with TLS 1.2) (?).
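
For reference on the PRF mentioned above, here is an added example (not code from the ASVS project or from either commenter) implementing the TLS 1.2 PRF as specified in RFC 5246 section 5: the HMAC-based P_hash expansion, with the PRF defined as P_SHA256(secret, label + seed). The premaster secret and the two random values are constructed sample inputs, and the 48-byte master secret / key block lengths follow the RFC. This is the legacy construction a KDF appendix would list for TLS 1.2 compatibility only; TLS 1.3 replaced it with HKDF.

```python
import hmac

# Added example: TLS 1.2 PRF (RFC 5246 section 5). Not ASVS project code.

def p_hash(secret: bytes, seed: bytes, length: int, hash_name: str = "sha256") -> bytes:
    """P_<hash> data expansion from RFC 5246 section 5.

    A(0) = seed, A(i) = HMAC_hash(secret, A(i-1))
    P_hash(secret, seed) = HMAC_hash(secret, A(1) + seed) ||
                           HMAC_hash(secret, A(2) + seed) || ...
    The output is truncated to the requested length.
    """
    out = bytearray()
    a = seed  # A(0)
    while len(out) < length:
        a = hmac.new(secret, a, hash_name).digest()            # A(i)
        out += hmac.new(secret, a + seed, hash_name).digest()  # HMAC(secret, A(i) + seed)
    return bytes(out[:length])


def tls12_prf(secret: bytes, label: bytes, seed: bytes, length: int,
              hash_name: str = "sha256") -> bytes:
    """PRF(secret, label, seed) = P_<hash>(secret, label + seed).

    TLS 1.2 uses SHA-256 for all mandatory cipher suites; suites that
    specify a stronger hash (e.g. SHA-384) use that hash instead.
    """
    return p_hash(secret, label + seed, length, hash_name)


def derive_tls12_secrets(premaster: bytes, client_random: bytes, server_random: bytes,
                         key_block_len: int = 104) -> dict:
    """Run the two PRF invocations of a TLS 1.2 handshake (RFC 5246 sections 8.1 and 6.3).

    master_secret = PRF(pre_master_secret, "master secret",
                        ClientHello.random + ServerHello.random)[0..47]
    key_block     = PRF(master_secret, "key expansion",
                        ServerHello.random + ClientHello.random)
    Note the reversed random ordering in the second call: it is a common
    interoperability bug in hand-rolled implementations.
    """
    master = tls12_prf(premaster, b"master secret", client_random + server_random, 48)
    key_block = tls12_prf(master, b"key expansion", server_random + client_random, key_block_len)
    return {"master_secret": master, "key_block": key_block}


if __name__ == "__main__":
    # Constructed sample inputs (not real handshake values).
    premaster = bytes(range(48))
    client_random = b"\x11" * 32
    server_random = b"\x22" * 32
    secrets = derive_tls12_secrets(premaster, client_random, server_random)
    print("master_secret:", secrets["master_secret"].hex())
    print("key_block    :", secrets["key_block"].hex())
```

Because each output block depends on A(i), which chains back through the secret, the expansion is a keyed pseudorandom function rather than plain hashing; the example also shows why the construction is not a general-purpose KDF: it has no explicit extract step, which is what HKDF added.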

danielcuthbert commented 16 hours ago

Added in https://github.com/OWASP/ASVS/pull/2371