Domain | Key Type | Algorithm | Key Length |
---|---|---|---|
Web Certificate | RSA or ECC with SHA2+ signature | RSA or ECC with SHA2+ signature | 2048 bit or greater/RSA, 256bit or greater/ECC |
Web Cipher (TLS) | Asymmetric Encryption | Ciphers of B or greater grade on SSL Labs Rating | Varies |
Confidential Data at Rest | Symmetric Encryption | AES | 256 bit |
Passwords | One-way Hash | Bcrypt, PBKDF2, or scrypt, Argon2 | 256 bit+10K Stretch. Include unique cryptographic salt+pepper |
Endpoint Storage (SSD/HDD) | Symmetric Encryption | AES | 128 or 256 bit |