Cryptography standards

• Data Encryption Standard (DES, now obsolete) • Advanced Encryption Standard (AES) • RSA the original public key algorithm • OpenPGP ==Hash standards==

• MD5 128-bit (obsolete) • SHA-1 160-bit (obsolete) • SHA-2 available in 224, 256, 384, and 512-bit variants • HMAC keyed hash • PBKDF2 Key derivation function (RFC 2898) ==Digital signature standards==

• Digital Signature Standard (DSS), based on the Digital Signature Algorithm (DSA) • RSA • Elliptic Curve DSA ==Public-key infrastructure (PKI) standards==

• X.509 Public Key Certificates ==Wireless Standards==

• Wired Equivalent Privacy (WEP), severely flawed and superseded by WPA • Wi-Fi Protected Access (WPA) better than WEP, a 'pre-standard' partial version of 802.11i • 802.11i a.k.a. WPA2, uses AES and other improvements on WEP • A5/1 and A5/2 cell phone encryption for GSM ==U.S. Government Federal Information Processing Standards (FIPS)==

• FIPS PUB 31 Guidelines for Automatic Data Processing Physical Security and Risk Management 1974 • FIPS PUB 46-3 Data Encryption Standard (DES) 1999 • FIPS PUB 73 Guidelines for Security of Computer Applications 1980 • FIPS PUB 74 Guidelines for Implementing and Using the NBS Data Encryption Standard 1981 • FIPS PUB 81 DES Modes of Operation 1980 • FIPS PUB 102 Guideline for Computer Security Certification and Accreditation 1983 • FIPS PUB 112 Password Usage 1985, defines 10 factors to be considered in access control systems that are based on passwords • FIPS PUB 113 Computer Data Authentication 1985, specifies a Data Authentication Algorithm (DAA) based on DES, adopted by the Department of Treasury and the banking community to protect electronic fund transfers. • FIPS PUB 140-2 Security Requirements for Cryptographic Modules 2001, defines four increasing security levels • FIPS PUB 171 Key Management Using ANSI X9.17 (ANSI X9.17-1985) 1992, based on DES • FIPS PUB 180-2 Secure Hash Standard (SHS) 2002 defines the SHA family • FIPS PUB 181 Automated Password Generator (APG) 1993 • FIPS PUB 185 Escrowed Encryption Standard (EES) 1994, a key escrow system that provides for decryption of telecommunications when lawfully authorized. • FIPS PUB 186-2 Digital Signature Standard (DSS) 2000 • FIPS PUB 190 Guideline for the Use of Advanced Authentication Technology Alternatives 1994 • FIPS PUB 191 Guideline for the Analysis of local area network Security 1994 • FIPS PUB 196 Entity Authentication Using Public Key Cryptography 1997 • FIPS PUB 197 Advanced Encryption Standard (AES) 2001 • FIPS PUB 198 The Keyed-Hash Message Authentication Code (HMAC) 2002 ==Internet Requests for Comments (RFCs)==

Below is a non-exhaustive overview of notable cryptography-related RFCs, grouped by topic. ; Transport Security : • The Transport Layer Security (TLS) Protocol Version 1.3 Defines secure web communication (HTTPS), introduces modern cipher suites and removes legacy cryptography. • The Transport Layer Security Protocol Version 1.2 Predecessor to TLS 1.3, still widely implemented. ; Public-Key Cryptography and Signatures : • RSA Cryptography Specifications Defines RSA encryption and signature schemes such as RSA-OAEP and RSASSA-PSS. • Specifies deterministic generation of the nonce in DSA/ECDSA to avoid catastrophic randomness failures. • Defines modern elliptic curves X25519 and X448 for Diffie–Hellman key exchange. ; Symmetric Cryptography and MACs : • Defines the HMAC construction, widely used with hash functions such as SHA-256. • A widely used key derivation function used in protocols like TLS 1.3. • Defines the ChaCha20 stream cipher and Poly1305 MAC AEAD construction used in TLS, SSH, and QUIC. ; Public-Key Infrastructure and Certificates : • Defines the Internet profile for X.509 certificates, used by TLS certificate authorities. • Defines a protocol for checking certificate revocation status. ; Secure Messaging and Data Formats : • Defines the message format used for secure email (S/MIME). • Specifies the OpenPGP encryption and signature format used in tools like GnuPG. ; Network Security (IPsec) : • Defines the overall IPsec security architecture. • Specifies encrypted IP packets for IPsec. • Defines key exchange and authentication for IPsec VPNs. ==Classified Standards==

• EKMS NSA's Electronic Key Management System • FNBDT NSA's secure narrow band voice standard • Fortezza encryption based on portable crypto token in PC Card format • STE secure telephone • STU-III older secure telephone • TEMPEST prevents compromising emanations ==Other== • IPsec Virtual Private Network (VPN) and more • IEEE P1363 covers most aspects of public-key cryptography • Transport Layer Security (formerly SSL) • SSH secure Telnet and more • Content Scramble System (CSS, the DVD encryption standard, broken by DeCSS) • Kerberos authentication standard • RADIUS authentication standard • ANSI X9.59 electronic payment standard • Common Criteria Trusted operating system standard • CRYPTREC Japanese Government's cryptography recommendations ==See also==