Cryptographic algorithms life cycle reports

Over the years, the Information System Authority has ordered a number of different reports on the life cycle of cryptographic algorithms in order to facilitate the development of Estonian IT solutions and replace the current cryptographic algorithms with new and more secure ones over time.

  • Cryptographic Algorithms Lifecycle Report 2017

    At the end of 2017, the Information System Authority ordered a Cryptographic Algorithms Lifecycle Report from AS Cybernetica which focuses on three main subjects:

    • the current status of cryptographic algorithms
    • a description of an ID-card incident
    • an overview of blockchains as cryptographic applications

    “This report is a necessary tool for us,” commented Taimar Peterkop, Head of RIA, “helping us map the situation and choose important directions for ensuring cybersecurity as well as promoting the field of eID.”

    The report is in Estonian and can be viewed here:

  • Cryptographic Algorithms Lifecycle Report 2016

    In the 2016 report, we give an overview of the main types of exposure and discovered errors of the applications using cryptography published within a year, the opportunities and costs of breaking RSA, the security situation of hash functions, the possibility of cloud computing in the context of different dependency models, post-quantum cryptography as well as the security of the solutions used daily for identifying and authorising persons.

    The report also contains a thorough overview of quantum computers and the possibility of their use in breaking cryptography.

    The report is in English and can be viewed here:

  • Cryptographic Algorithms Lifecycle Report 2015

    “Cryptography is gradually eroding according to the growth of computing capacity,” said Toomas Vaks, Deputy Director General of RIA Cyber Security. “We must all abandon up to 1024-bit keys in the event of RSA and cryptosystems based on discrete logarithm. Within the next five years, 2048-bit keys and, in the medium term, at least 3072-bit keys are suitable for use.”

    The report is in Estonian and can be viewed here:

    The report was conducted by Cybernetica AS and ordered by the Information System Authority (RIA).

    This version has more than 10 authors and 109 source references.

  • Uses of Cryptographic Algorithms Lifecycle Report 2013

    The report gives many recommendations and instructions on how to prevent possible cryptography-related weaknesses in public authorities as well as in the private sector based on scientific literature and international reports.

    The report contains specific recommendations on which widely used algorithms to trust in the coming years and which should be avoided. The cryptographic methods TDEA/3DES must be renewed within five years, and SHA-1 and RSA-1024 within two years. For example, RSA-1024 and 3DES keys are still used in some personal identification documents (ID-cards, digi-ID and mobile-ID issued before 2011).

    Due to the weakening of SHA-1, RIA has set a goal to promote the implementation of digital signatures in BDOC format during 2014 and to give up using DDOC digital signatures in the ID-card basic software within 2015. Unlike the DDOC format, the BDOC format supports the stronger SHA-2 family of hashes.

    The report has been prepared in Estonian and can be viewed here:

    The report was written in 2013 with a five-year horizon.

    The report was conducted by Cybernetica AS and ordered by the Information System Authority (RIA).

  • Uses of Cryptographic Algorithms Lifecycle Report 2011

    The report presents recommendations for using cryptographic methods to ensure the security of information systems. The results of the report are aimed at software architects, IT auditors and other technical specialists who participate in creating new information systems and organising information security.

    The report covers symmetric and asymmetric encryption algorithms and hash function algorithms, and gives recommendations for the use, use times, parameters and use restrictions of the various algorithms. The report also contains an analysis of the effect of changing algorithms on web servers, public key infrastructure and major information systems. The report recommends using verifiably secure protocols.

    The report has been prepared in Estonian and can be viewed here:

    The report was written in 2011 with a five-year horizon.

    The report was ordered by the Information System Authority in cooperation with the Ministry of Economic Affairs and Communications and was conducted by AS Cybernetica.

    The report was financed by the European Regional Development Fund under EU structural funds support scheme “Raising Public Awareness of the Information Society”.
