PD ISO/TR 14742:2010
Current
The latest, up-to-date edition.
Financial services. Recommendations on cryptographic algorithms and their use
Hardcopy , PDF
English
31-08-2010
Important note : Users cannot be edited or removed once added to your Multi user PDF.| Committee |
IST/12
|
| DocumentType |
Standard
|
| Pages |
42
|
| PublisherName |
British Standards Institution
|
| Status |
Current
|
This Technical Report provides a list of recommended cryptographic algorithms for use within applicable financial services standards prepared by ISO/TC68. It also provides strategic guidance on key lengths and associated parameters and usage dates.
The focus is on algorithms rather than protocols, and protocols are in general not included in this Technical Report. However, in some cases, for example for some key agreement and some authentication protocols, there is no “underlying” algorithm, and in a sense it is the protocol that constitutes the algorithm. In this case, the mechanisms are included, in particular where they have security parameters that can be adjusted for higher or lower security.
Algorithmic vulnerabilities or cryptographic keys of inadequate lengths are less often the cause of security compromises in the financial industry than are inadequate key management or other procedural flaws, or mistakes in the implementation of cryptographic algorithms or the protocols that use them. However, compromises caused by algorithmic vulnerabilities are more systemic and harder to recover from than other kinds of compromises.
This Technical Report deals primarily with recommendations regarding algorithms and key lengths.
NOTE Key management is covered in ISO11568-1, ISO11568-2 and ISO11568-4.
The categories of algorithms covered in this Technical Report are:
-
block ciphers;
-
stream ciphers;
-
hash functions;
-
message authentication codes (MACs);
-
asymmetric algorithms:
-
digital signature schemes giving message recovery,
-
digital signatures with appendix,
-
asymmetric ciphers;
-
-
authentication mechanisms;
-
key establishment and agreement mechanisms;
-
key transport mechanisms.
This Technical Report does not define any cryptographic algorithms; however, the standards to which this Technical Report refers may contain necessary implementation information as well as more detailed guidance regarding choice of security parameters, security analysis, and other implementation considerations.
| Standards | Relationship |
| ISO/TR 14742:2010 | Identical |
| ISO/IEC 18031:2011 | Information technology Security techniques Random bit generation |
| ISO/IEC 9798-3:1998 | Information technology Security techniques Entity authentication Part 3: Mechanisms using digital signature techniques |
| ISO/IEC 14888-3:2016 | Information technology — Security techniques — Digital signatures with appendix — Part 3: Discrete logarithm based mechanisms |
| ISO/TR 19038:2005 | Banking and related financial services Triple DEA Modes of operation Implementation guidelines |
| ISO 11568-2:2012 | Financial services — Key management (retail) — Part 2: Symmetric ciphers, their key management and life cycle |
| ISO 8372:1987 | Information processing Modes of operation for a 64-bit block cipher algorithm |
| ISO/IEC 11770-2:2008 | Information technology Security techniques Key management Part 2: Mechanisms using symmetric techniques |
| ISO/IEC 10118-4:1998 | Information technology Security techniques Hash-functions Part 4: Hash-functions using modular arithmetic |
| ISO/IEC 18033-2:2006 | Information technology — Security techniques — Encryption algorithms — Part 2: Asymmetric ciphers |
| ISO/IEC 18033-3:2010 | Information technology Security techniques Encryption algorithms Part 3: Block ciphers |
| ISO/IEC 9796-3:2006 | Information technology — Security techniques — Digital signature schemes giving message recovery — Part 3: Discrete logarithm based mechanisms |
| ISO/IEC 9798-4:1999 | Information technology Security techniques Entity authentication Part 4: Mechanisms using a cryptographic check function |
| ISO 16609:2012 | Financial services — Requirements for message authentication using symmetric techniques |
| ANSI X9.24-1 : 2017 | RETAIL FINANCIAL SERVICES - SYMMETRIC KEY MANAGEMENT - PART 1: USING SYMMETRIC TECHNIQUES |
| ISO/IEC 9798-2:2008 | Information technology Security techniques Entity authentication Part 2: Mechanisms using symmetric encipherment algorithms |
| ISO/IEC 9798-5:2009 | Information technology — Security techniques — Entity authentication — Part 5: Mechanisms using zero-knowledge techniques |
| ISO 11568-1:2005 | Banking — Key management (retail) — Part 1: Principles |
| ISO/IEC 9796-2:2010 | Information technology Security techniques Digital signature schemes giving message recovery Part 2: Integer factorization based mechanisms |
| ISO/IEC 9798-6:2010 | Information technology Security techniques Entity authentication Part 6: Mechanisms using manual data transfer |
| FIPS PUB 186 : 0 | DIGITAL SIGNATURE STANDARD (DSS) |
| ISO/IEC 9797-1:2011 | Information technology Security techniques Message Authentication Codes (MACs) Part 1: Mechanisms using a block cipher |
| ISO/IEC 10118-3:2004 | Information technology Security techniques Hash-functions Part 3: Dedicated hash-functions |
| ANSI INCITS 92 : 1981 | DATA ENCRYPTION ALGORITHM |
| ISO 9564-2:2014 | Financial services — Personal Identification Number (PIN) management and security — Part 2: Approved algorithms for PIN encipherment |
| ISO 11568-4:2007 | Banking — Key management (retail) — Part 4: Asymmetric cryptosystems — Key management and life cycle |
| ISO/IEC 10118-2:2010 | Information technology Security techniques Hash-functions Part 2: Hash-functions using an n-bit block cipher |
| ISO/IEC 9797-2:2011 | Information technology Security techniques Message Authentication Codes (MACs) Part 2: Mechanisms using a dedicated hash-function |
| ISO/IEC 10116:2017 | Information technology — Security techniques — Modes of operation for an n-bit block cipher |
| ISO/IEC 14888-2:2008 | Information technology Security techniques Digital signatures with appendix Part 2: Integer factorization based mechanisms |
| TS 102 176-1 : 2.1.1 | ELECTRONIC SIGNATURES AND INFRASTRUCTURES (ESI); ALGORITHMS AND PARAMETERS FOR SECURE ELECTRONIC SIGNATURES; PART 1: HASH FUNCTIONS AND ASYMMETRIC ALGORITHMS |
| ISO/IEC 18033-4:2011 | Information technology — Security techniques — Encryption algorithms — Part 4: Stream ciphers |
| ISO/IEC 11770-3:2015 | Information technology Security techniques Key management Part 3: Mechanisms using asymmetric techniques |
| ISO/IEC 9798-1:2010 | Information technology Security techniques Entity authentication Part 1: General |
Access your standards online with a subscription
Features
-
Simple online access to standards, technical information and regulations.
-
Critical updates of standards and customisable alerts and notifications.
-
Multi-user online standards collection: secure, flexible and cost effective.