...

  • Level 1: 70% of the projects included in the release at passing badge level
    • with non-passing projects reaching 80% towards passing level.
    • Non-passing projects MUST pass these specific criteria:
      • The software produced by the project MUST use, by default, only cryptographic protocols and algorithms that are publicly published and reviewed by experts (if cryptographic protocols and algorithms are used).
      • If the software produced by the project is an application or library, and its primary purpose is not to implement cryptography, then it SHOULD only call on software specifically designed to implement cryptographic functions; it SHOULD NOT re-implement its own.
      • The security mechanisms within the software produced by the project MUST use default keylengths that at least meet the NIST minimum requirements through the year 2030 (as stated in 2012). It MUST be possible to configure the software so that smaller keylengths are completely disabled.
      • The default security mechanisms within the software produced by the project MUST NOT depend on broken cryptographic algorithms (e.g., MD4, MD5, single DES, RC4, Dual_EC_DRBG) or use cipher modes that are inappropriate to the context (e.g., ECB mode is almost never appropriate because it reveals identical blocks within the ciphertext, as demonstrated by the ECB penguin, and CTR mode is often inappropriate because it does not perform authentication and causes duplicates if the input state is repeated).
      • The default security mechanisms within the software produced by the project SHOULD NOT depend on cryptographic algorithms or modes with known serious weaknesses (e.g., the SHA-1 cryptographic hash algorithm or the CBC mode in SSH).
      • If the software produced by the project causes the storing of passwords for authentication of external users, the passwords MUST be stored as iterated hashes with a per-user salt by using a key stretching (iterated) algorithm (e.g., PBKDF2, Bcrypt or Scrypt).
  • Level 2: 70% of the projects in the release passing silver
    • with non-silver projects completed passing level and 80% towards silver level.
  • Level 3: 70% of the projects included in the release passing gold
    • with non-gold projects achieving silver level and 80% towards gold level.
  • Level 4: 100% of the projects in the release passing gold level.
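The password-storage criterion above (iterated hash, per-user salt, key stretching algorithm) is the one most often implemented by hand inside a project rather than delegated to a library. The following is an added illustration, not code from any of the projects covered by this page, of what a compliant implementation looks like using only the Python standard library: PBKDF2-HMAC-SHA256 with a fresh random salt per stored record, a self-describing storage format that carries the iteration count, a policy floor that rejects weak records, and a constant-time comparison on verification. The iteration counts, record format and function names are choices made for this example.

```python
import hashlib
import hmac
import secrets

# Parameters chosen for this example (assumptions, not a project standard).
ALGORITHM = "pbkdf2-sha256"
ITERATIONS = 600_000      # work factor used for new records
MIN_ITERATIONS = 100_000  # records below this floor are refused outright
SALT_BYTES = 16           # 128-bit per-user salt
DKLEN = 32                # 256-bit derived key


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Stretch a password into a record of the form algorithm$iterations$salt$hash.

    Every call draws a fresh salt, so two users with the same password get
    different records and precomputed (rainbow) tables do not apply.
    """
    if iterations < MIN_ITERATIONS:
        raise ValueError("iteration count below policy floor")
    salt = secrets.token_bytes(SALT_BYTES)
    dk = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations, dklen=DKLEN
    )
    return f"{ALGORITHM}${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the stretched hash from the stored parameters and compare it.

    Malformed records, unknown algorithms and records stretched below the
    policy floor are all treated as non-matching rather than raising, so a
    corrupted or downgraded record can never be used to log in.
    """
    try:
        algorithm, iterations_s, salt_hex, dk_hex = record.split("$")
        iterations = int(iterations_s)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(dk_hex)
    except ValueError:
        return False
    if algorithm != ALGORITHM or iterations < MIN_ITERATIONS or len(salt) < SALT_BYTES:
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations, dklen=len(expected)
    )
    # Constant-time comparison: the result must not leak how many bytes matched.
    return hmac.compare_digest(candidate, expected)


def records_differ_for_same_password(password: str) -> bool:
    """Demonstrates the per-user salt: identical passwords yield distinct records."""
    return hash_password(password) != hash_password(password)


if __name__ == "__main__":
    rec = hash_password("correct horse battery staple")
    print(rec)
    print(verify_password("correct horse battery staple", rec))  # True
    print(verify_password("not the password", rec))              # False
    print(records_differ_for_same_password("hunter2"))           # True
```

Storing the algorithm name and iteration count inside the record is what lets a project raise the work factor later and re-hash old records on the user's next successful login without a flag day. The same structure applies unchanged if the project prefers `hashlib.scrypt` or a bcrypt library; the criterion asks for a key stretching algorithm with a per-user salt, not for PBKDF2 specifically.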

...