Expand the Cryptography Appendix for MAC, signatures, key derivation functions #2314
Assignees
Labels
1) Discussion ongoing
Issue is opened and assigned but no clear proposal yet
AppendixV
Appendix with crypto details
enhancement
_5.0 - Not blocker
This issue does not block 5.0 so if it gets addressed then great, if not then fine.
Comments
|
Indeed this is needed, I'll add it to the roadmap. The good thing about moving all the deeper technical stuff into an appendix is that we aren't as constrained as we are with the main chapters, so this is much easier. Ill assign this to me for now |
tghosth
added
1) Discussion ongoing
danielcuthbert
added a commit
that referenced
this issue
Nov 11, 2024
|
Morning, spent last night adding this into a patch https://github.com/OWASP/ASVS/blob/dc_v6_patch3/5.0/en/0x97-Appendix-V_Cryptography.md Does this match what you had in mind @randomstuff |
|
In the KDF section, we might want to add the PRF used in TLS 1.2 (for compatibility with TLS 1.2) (?). |
Merged
|
added in #2371 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The crypto appendix currently provides guidance around suitable algorithms for:
The following things are not covered:
Should this appendix be expanded to cover these (and relevant requirements be included as well)?
The text was updated successfully, but these errors were encountered: