mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-06-13 06:34:57 +03:00
mukul975
77 lines
3.3 KiB
Markdown
77 lines
3.3 KiB
Markdown
# Standards and References - AES Encryption for Data at Rest
|
|
|
|
## Primary Standards
|
|
|
|
### NIST FIPS 197 - Advanced Encryption Standard (AES)
|
|
- **URL**: https://csrc.nist.gov/publications/detail/fips/197/final
|
|
- **Description**: Defines the AES algorithm (Rijndael) with key sizes of 128, 192, and 256 bits
|
|
- **Block size**: 128 bits (16 bytes)
|
|
- **Key sizes**: 128, 192, or 256 bits
|
|
- **Rounds**: 10 (128-bit), 12 (192-bit), 14 (256-bit)
|
|
|
|
### NIST SP 800-38D - Recommendation for Block Cipher Modes: GCM and GMAC
|
|
- **URL**: https://csrc.nist.gov/publications/detail/sp/800-38d/final
|
|
- **Description**: Specifies Galois/Counter Mode (GCM) for authenticated encryption
|
|
- **IV length**: 96 bits recommended for GCM
|
|
- **Tag length**: 128 bits recommended (minimum 96 bits)
|
|
- **Max plaintext**: 2^39 - 256 bits per invocation
|
|
|
|
### NIST SP 800-132 - Recommendation for Password-Based Key Derivation
|
|
- **URL**: https://csrc.nist.gov/publications/detail/sp/800-132/final
|
|
- **Description**: Covers PBKDF2 for deriving cryptographic keys from passwords
|
|
- **Minimum iterations**: 600,000 (OWASP 2024 recommendation for PBKDF2-SHA256)
|
|
- **Salt length**: Minimum 128 bits (16 bytes)
|
|
|
|
### NIST SP 800-38A - Recommendation for Block Cipher Modes of Operation
|
|
- **URL**: https://csrc.nist.gov/publications/detail/sp/800-38a/final
|
|
- **Description**: Defines ECB, CBC, CFB, OFB, and CTR modes
|
|
|
|
### NIST SP 800-57 Part 1 Rev. 5 - Key Management
|
|
- **URL**: https://csrc.nist.gov/publications/detail/sp/800-57-part-1/rev-5/final
|
|
- **Description**: Recommendations for cryptographic key lengths and algorithms
|
|
- **AES-256 security strength**: 256 bits
|
|
- **Recommended until**: Beyond 2031
|
|
|
|
## RFC Standards
|
|
|
|
### RFC 5116 - An Interface and Algorithms for Authenticated Encryption
|
|
- **URL**: https://www.rfc-editor.org/rfc/rfc5116
|
|
- **Description**: Defines AEAD interface including AES-GCM
|
|
|
|
### RFC 5869 - HMAC-based Extract-and-Expand Key Derivation Function (HKDF)
|
|
- **URL**: https://www.rfc-editor.org/rfc/rfc5869
|
|
- **Description**: Key derivation from existing key material (not passwords)
|
|
|
|
### RFC 9106 - Argon2 Memory-Hard Function
|
|
- **URL**: https://www.rfc-editor.org/rfc/rfc9106
|
|
- **Description**: Argon2 password hashing / key derivation specification
|
|
- **Recommended variant**: Argon2id (hybrid of Argon2i and Argon2d)
|
|
|
|
## Compliance Frameworks
|
|
|
|
### PCI DSS v4.0 - Requirement 3
|
|
- Encrypt stored cardholder data with strong cryptography
|
|
- AES-256 meets the strong cryptography requirement
|
|
- Key management procedures required
|
|
|
|
### HIPAA Security Rule - 45 CFR 164.312(a)(2)(iv)
|
|
- Encryption of ePHI at rest is an addressable implementation specification
|
|
- AES-256 is an acceptable encryption method
|
|
|
|
### GDPR Article 32 - Security of Processing
|
|
- Encryption is listed as an appropriate technical measure
|
|
- AES-256 satisfies encryption requirements for personal data protection
|
|
|
|
## Python Library References
|
|
|
|
### cryptography (pyca/cryptography)
|
|
- **URL**: https://cryptography.io/en/latest/
|
|
- **PyPI**: https://pypi.org/project/cryptography/
|
|
- **AES-GCM**: `cryptography.hazmat.primitives.ciphers.aead.AESGCM`
|
|
- **PBKDF2**: `cryptography.hazmat.primitives.kdf.pbkdf2.PBKDF2HMAC`
|
|
|
|
### PyCryptodome
|
|
- **URL**: https://pycryptodome.readthedocs.io/
|
|
- **PyPI**: https://pypi.org/project/pycryptodome/
|
|
- **AES-GCM**: `Crypto.Cipher.AES` with `MODE_GCM`
|