
"It addresses", says the report, "the need for a minimum level of requirements for cryptography across European Union (EU) Member States (MSs) in their effort to protect personal and sensitive data of the citizens." It is ENISA's first report "consisting of recommendations addressing cryptographic algorithms, sizes and parameters," and will be followed by further reports in the future.
Although the technical content is detailed, it focuses on two high-level questions: whether companies' existing use of cryptography (legacy systems) is adequate, and what should be used for new cryptographic implementations. As the document progresses through a description of the various algorithms, it provides specific observations: for example, for RIPEMD-160 it comments, "It is anticipated that collision attacks on RIPEMD-160 are likely to be found on reduced round versions in the near future." Other hash functions such as RIPEMD-128 and MD5 are specifically not recommended.
The purpose is to help companies that already use encryption to gauge whether their existing implementations (which it describes as 'legacy' systems) are adequate going forwards, and to help those companies moving towards new implementations choose which algorithms to use.
"Our first recommendation," says the report, "is that if a scheme is not considered suitable for legacy use, or is only considered for such use with certain caveats, then this should be taken as a strong recommendation that the primitive, scheme or protocol be replaced as a matter of urgency."
For new implementations it suggests that adequacy will generally require that a scheme has proofs of security, has key sizes equivalent to 128-bit symmetric security or more, has no structural weaknesses, has been well studied, has been standardized, and has a reasonably sized existing user base. "Thus the second recommendation," says the report, "is that decision-makers now make plans and preparations for the phasing out of what we term legacy mechanisms over a period of say 5-10 years, and replacing them with systems we deem secure for future use."
The report was edited by Nigel Smart, Professor of Cryptology at Bristol University, with contributions from Gaven Watson and Bogdan Warinschi (Bristol University), and Vincent Rijmen (University of Leuven, Belgium).