• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

Is RC4 and MD5 PCI-compliant?

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Cryptographic Software and Hardware

View previous topic :: View next topic  
Author Message
synonymous2
Just Arrived
Just Arrived


Joined: 18 Nov 2010
Posts: 0


Offline

PostPosted: Thu Nov 18, 2010 10:30 pm    Post subject: Is RC4 and MD5 PCI-compliant? Reply with quote

I'm trying to set up a web server according to PCI 1.2. Can this server have RC4 cipher and MD5 hashes enabled? The "Strong cryptography" does not specify this explicitly.
Back to top
View user's profile Send private message
krugger
SF Mod
SF Mod


Joined: 08 Jun 2006
Posts: 16777209


Offline

PostPosted: Fri Nov 19, 2010 1:30 pm    Post subject: Reply with quote

The whole idea of not chosing a explicit algorithm is to allow people to choose what suits them and make the standard last longer.

So you should try and and get something stronger than RC4/MD5.
Back to top
View user's profile Send private message
Fire Ant
Trusted SF Member
Trusted SF Member


Joined: 27 Jun 2008
Posts: 3
Location: London

Offline

PostPosted: Fri Nov 19, 2010 11:01 pm    Post subject: Reply with quote

Hi synonymous2,

PCI is not a technical specification. Although it does make technical recommendations such as not using WEP.

For technical guidance with regards to cryptographic algorithms I suggest you look at NIST FIPS 140-2 Approved algorithms.

http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm

Krugger is correct, you should not use these algorithms.

Fire Ant
Back to top
View user's profile Send private message
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Cryptographic Software and Hardware All times are GMT + 2 Hours
Page 1 of 1


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Community Area

Log in | Register