Crypto requirements - key rotation #579
-
While reading the crypto requirements, I could not find a requirement related to key rotation (changing the key, and the related, appropriate length of time for which a key is used). I started to consider this from the key lifecycle and I think it is missing here. Related guide: NIST SP800-175B chapter 5.1.1
Replies: 4 comments
-
Good point: either we extend MSTG-CRYPTO-5 or create a new requirement 👍
-
+1 to key rotation. @julepka and I recommend the following requirement (see #500):
-
This is considered in the new release of MASVS-CRYPTO (#612, see MASVS-CRYPTO-3). Thanks a lot @lwierzbicki!
-
Now covered in this to-be-created weakness: https://mas.owasp.org/MASWE/MASVS-CRYPTO/MASWE-0011/ @lwierzbicki, @vixentael would you like to create this item for the new MASWE?