Is RC4 and MD5 PCI-compliant?

Networking/Security Forums -> Cryptographic Software and Hardware

Author: synonymous2 PostPosted: Thu Nov 18, 2010 10:30 pm    Post subject: Is RC4 and MD5 PCI-compliant?
    ----
I'm trying to set up a web server according to PCI 1.2. Can this server have RC4 cipher and MD5 hashes enabled? The "Strong cryptography" does not specify this explicitly.

Author: krugger PostPosted: Fri Nov 19, 2010 1:30 pm    Post subject:
    ----
The whole idea of not chosing a explicit algorithm is to allow people to choose what suits them and make the standard last longer.

So you should try and and get something stronger than RC4/MD5.

Author: Fire AntLocation: London PostPosted: Fri Nov 19, 2010 11:01 pm    Post subject:
    ----
Hi synonymous2,

PCI is not a technical specification. Although it does make technical recommendations such as not using WEP.

For technical guidance with regards to cryptographic algorithms I suggest you look at NIST FIPS 140-2 Approved algorithms.

http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm

Krugger is correct, you should not use these algorithms.

Fire Ant



Networking/Security Forums -> Cryptographic Software and Hardware


output generated using printer-friendly topic mod, All times are GMT + 2 Hours

Page 1 of 1

Powered by phpBB 2.0.x © 2001 phpBB Group