Algorithm |
Operation |
Status |
Alternative |
QCR |
Mitigation |
DES |
Encryption |
Avoid |
AES |
— |
— |
3DES |
Encryption |
Legacy |
AES |
— |
Short key lifetime |
RC4 |
Encryption |
Avoid |
AES |
— |
— |
AES-CBC mode
AES-GCM mode
|
Encryption
Authenticated encryption
|
Acceptable
NGE
|
AES-GCM
—
|
✓ (256-bit)
✓ (256-bit)
|
—
—
|
DH-768, -1024
RSA-768, -1024
DSA-768, -1024 |
Key exchange
Encryption
Authentication
|
Avoid
|
DH-3072 (Group 15)
RSA-3072
DSA-3072 |
—
—
—
|
—
—
—
|
DH-2048
RSA-2048
DSA-2048 |
Key exchange
Encryption
Authentication
|
Acceptable
|
ECDH-256
—
ECDSA-256 |
—
—
—
|
—
—
—
|
DH-3072
RSA-3072
DSA-3072
|
Key exchange
Encryption
Authentication
|
Acceptable |
ECDH-256
—
ECDSA-256 |
—
—
—
|
—
—
—
|
MD5 |
Integrity |
Avoid |
SHA-256 |
— |
— |
SHA-1
|
Integrity
|
Legacy
|
SHA-256
|
— |
—
|
SHA-256
SHA-384
SHA-512
|
Integrity
|
NGE
|
SHA-384
—
—
|
—
✓
✓
|
—
—
—
|
HMAC-MD5 |
Integrity |
Legacy |
HMAC-SHA-256 |
— |
Short key lifetime |
HMAC-SHA-1 |
Integrity |
Acceptable |
HMAC-SHA-256 |
— |
— |
HMAC-SHA-256 |
Integrity |
NGE |
— |
✓ |
— |
ECDH-256
ECDSA-256 |
Key exchange
Authentication
|
Acceptable
|
ECDH-384
ECDSA-384 |
—
—
|
—
—
|
ECDH-384
ECDSA-384 |
Key exchange
Authentication
|
NGE
|
—
—
|
—
—
|
—
—
|
1. QCR = quantum computer resistant.
2. NGE = next generation encryption.
|