m →top: fixed style
→Weak: trimmed the list, see the talk page
Line 70:
Examples that are not considered cryptographically strong include:
* The [[Data Encryption Standard|DES]], whose 56-bit keys allow attacks via exhaustive search.
* Triple-DES (3DES / EDE3-DES) can be subject of the "SWEET32 Birthday attack"<ref>[https://www.ibm.com/support/pages/security-bulletin-sweet32-vulnerability-impacts-triple-des-cipher-affects-communications-server-data-center-deployment-communications-server-aix-linux-linux-system-z-and-windows-cve-2016-2183 Security Bulletin: Sweet32 vulnerability that impacts Triple DES cipher]. IBM Security Bulletin, 2016.</ref>
* [[Wired Equivalent Privacy]] which is subject to a number of attacks due to flaws in its design.
* [[Transport Layer Security|SSL]] v2 and v3. TLS 1.0 and TLS 1.1 are also deprecated now [see RFC7525] because of irreversible flaws which are still present by design and because they do not provide elliptical handshake (EC) for ciphers, no modern cryptography, no CCM/GCM ciphermodes. TLS1.x are also announced off by the PCIDSS 3.2 for commercial business/banking implementations on web frontends. Only TLS1.2 and TLS 1.3 are allowed and recommended, modern ciphers, handshakes and ciphermodes must be used exclusively.
* The [[MD5]] and [[SHA-1]] hash functions, no longer immune to collision attacks.
* The [[RC4]] stream cipher.
* The 40-bit [[Content Scramble System]] used to encrypt most [[DVD-Video]] discs.
* Almost all [[classical cipher]]s.
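Review bot: The SSL/TLS bullet contradicts itself: it says "TLS1.x are also announced off by the PCIDSS 3.2" and then that "Only TLS1.2 and TLS 1.3 are allowed", so "TLS1.x" should name TLS 1.0 and TLS 1.1 explicitly. The same bullet points to its source as a bare "[see RFC7525]" and gives the PCI DSS 3.2 statement no reference; both belong in ref footnotes like the one on the Triple-DES bullet. "elliptical handshake (EC)" and "ciphermodes" are loose terms that should be tightened, and the version spacing ("TLS1.2" next to "TLS 1.3") is inconsistent. The RC4 bullet gives no reason for its inclusion, unlike the DES and MD5/SHA-1 bullets.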
Line 84 ⟶ 83:
* DHE/EDHE is guessable/weak when using/re-using known default prime values on the server
* The [[Cipher block chaining|CBC]] block cipher mode of operation is considered weak for TLS (the CCM/GCM modes are now recommended).{{cn|date=July 2023}}
==Notes==
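Review bot: The CBC bullet keeps an open {{cn|date=July 2023}} tag and the DHE/EDHE bullet above it has no reference at all, so after a trim justified on the talk page these two remain the least supported claims in the hunk; source them or remove them. In the DHE/EDHE bullet, "guessable/weak when using/re-using" should be rewritten without the slashes so it says which property fails and under which condition, and the bullet lacks the closing full stop the other entries have.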