Security/Guidelines/crypto algorithms

Industry-known insecure encryption algorithms should be prohibited
Industry-known insecure encryption algorithms, such as DES, 3DES (except the scenario when K1≠K2≠K3), SKIPJACK, RC2, RSA (1024 bits or lower), MD2, and MD4, are prohibited.


 * In the scenario of digital signature generation, MD5 and SHA1 are prohibited. In the scenario of password encryption and storage, MD5 is prohibited. In the scenarios of digital signature generation and encrypted storage of passwords, MD5 (except HMAC-MD5) is prohibited. In the scenario of digital signature generation, SHA1 is prohibited.


 * SHA1 can be used in HMAC, PBKDF2, and random number generators (RNGs).


 * However, if MD5 and SHA1 the industry-known insecure encryption algorithms are defined by standard protocols and do not have substitute algorithms, or products need to connect to third-party systems or be compatible with old systems, the industry-known insecure encryption algorithms can be used in the these scenarios.

Recommended algorithms
The following algorithms are recommended:


 * Block cryptographic algorithm: AES (128 bits or above)


 * Stream cryptographic algorithm: AES (128 bits or above) (OFB or CTR mode)


 * Asymmetrical encryption algorithm: RSA (2048 bits or above)


 * Hash algorithm: SHA2 (256 bits or above)


 * Key exchange algorithm: DH (2048 bits or above)


 * Hash-based message authentication code (HMAC) algorithm: HMAC-SHA2

Use secure encryption algorithms by default
Use secure encryption algorithms by default. If customers select insecure encryption algorithms, the system must notify them of security risks.