Merge pull request #11192 from jcogs33/jcogs33/share-key-sizes

Share encryption key sizes between Java and Python
2026-05-01 19:55:15 +02:00 · 2022-12-07 08:08:24 -05:00
parent 2c08b95430 f54480b7c8
commit 5e694b5983
9 changed files with 100 additions and 21 deletions
--- a/python/ql/src/Security/CWE-326/WeakCryptoKey.qhelp
+++ b/python/ql/src/Security/CWE-326/WeakCryptoKey.qhelp
@@ -11,13 +11,13 @@ As computational power increases, the ability to break ciphers grows and keys ne
 <p>
 The three main asymmetric key algorithms currently in use are Rivest–Shamir–Adleman (RSA) cryptography, Digital Signature Algorithm (DSA), and Elliptic-curve cryptography (ECC).
 With current technology, key sizes of 2048 bits for RSA and DSA,
-or 224 bits for ECC, are regarded as unbreakable.
+or 256 bits for ECC, are regarded as unbreakable.
 </p>
 </overview>

 <recommendation>
 <p>
-Increase the key size to the recommended amount or larger. For RSA or DSA this is at least 2048 bits, for ECC this is at least 224 bits.
+Increase the key size to the recommended amount or larger. For RSA or DSA this is at least 2048 bits, for ECC this is at least 256 bits.
 </p>
 </recommendation>

@@ -45,4 +45,3 @@ Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Len
 </li>
 </references>
 </qhelp>
-
--- a/python/ql/src/change-notes/2022-11-29-ecc-min-secure-keysize.md
+++ b/python/ql/src/change-notes/2022-11-29-ecc-min-secure-keysize.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Bumped the minimum keysize we consider secure for elliptic curve cryptography from 224 to 256 bits, following current best practices. This might effect results from the _Use of weak cryptographic key_ (`py/weak-crypto-key`) query.