ACIL FM
Dark
Refresh
Current DIR:
/usr/share/crypto-policies/policies
/
usr
share
crypto-policies
policies
Upload
Zip Selected
Delete Selected
Pilih semua
Nama
Ukuran
Permission
Aksi
modules
-
chmod
Open
Rename
Delete
DEFAULT.pol
2.55 MB
chmod
View
DL
Edit
Rename
Delete
EMPTY.pol
277 B
chmod
View
DL
Edit
Rename
Delete
FIPS.pol
2.12 MB
chmod
View
DL
Edit
Rename
Delete
FUTURE.pol
2.56 MB
chmod
View
DL
Edit
Rename
Delete
LEGACY.pol
2.71 MB
chmod
View
DL
Edit
Rename
Delete
Edit file: /usr/share/crypto-policies/policies/FUTURE.pol
# A level that will provide security on a conservative level that is # believed to withstand any near-term future attacks. And also provide # some (not complete) preparation for post quantum encryption support # in form of 256 bit symmetric encryption requirement. # It provides at least an 128-bit security. This level may prevent # communication with many used systems that provide weaker security levels # (e.g., systems that use SHA-1 as signature algorithm). # MACs: all HMAC with SHA256 or better + all modern MACs (Poly1305 etc) # Curves: all prime >= 255 bits (including Bernstein curves) # Signature algorithms: with SHA-256 hash or better (no DSA) # TLS Ciphers: >= 256-bit key, >= 128-bit block, only Authenticated Encryption (AE) ciphers, no CBC ciphers # non-TLS Ciphers: same as TLS Ciphers with added non AE ciphers, CBC only for Kerberos # key exchange: ECDHE, DHE (no DHE-DSS) # DH params size: >= 3072 # RSA params size: >= 3072 # TLS protocols: TLS >= 1.2, DTLS >= 1.2 mac = AEAD HMAC-SHA2-256 UMAC-128 HMAC-SHA2-384 HMAC-SHA2-512 mac@Kerberos = HMAC-SHA2-384 HMAC-SHA2-256 AEAD UMAC-128 HMAC-SHA2-512 group = X25519 SECP256R1 X448 SECP521R1 SECP384R1 \ FFDHE-3072 FFDHE-4096 FFDHE-6144 FFDHE-8192 hash = SHA2-256 SHA2-384 SHA2-512 SHA3-256 SHA3-384 SHA3-512 SHAKE-256 hash@RPM = SHA1+ sign = ECDSA-SHA3-256 ECDSA-SHA2-256 ECDSA-SHA2-256-FIDO \ ECDSA-SHA3-384 ECDSA-SHA2-384 \ ECDSA-SHA3-512 ECDSA-SHA2-512 \ EDDSA-ED25519 EDDSA-ED25519-FIDO EDDSA-ED448 \ RSA-PSS-SHA3-256 RSA-PSS-SHA2-256 \ RSA-PSS-SHA3-384 RSA-PSS-SHA2-384 \ RSA-PSS-SHA3-512 RSA-PSS-SHA2-512 \ RSA-PSS-RSAE-SHA3-256 RSA-PSS-RSAE-SHA2-256 \ RSA-PSS-RSAE-SHA3-384 RSA-PSS-RSAE-SHA2-384 \ RSA-PSS-RSAE-SHA3-512 RSA-PSS-RSAE-SHA2-512 \ RSA-SHA3-256 RSA-SHA2-256 \ RSA-SHA3-384 RSA-SHA2-384 \ RSA-SHA3-512 RSA-SHA2-512 cipher = AES-256-GCM AES-256-CCM CHACHA20-POLY1305 \ AES-256-CTR cipher@Kerberos = AES-256-CBC+ cipher@TLS = AES-256-GCM AES-256-CCM CHACHA20-POLY1305 cipher@RPM = AES-256-CFB AES-256-GCM AES-256-OCB AES-256-EAX # CBC ciphers in SSH are considered vulnerable to plaintext recovery attacks # and disabled in client OpenSSH 7.6 (2017) and server OpenSSH 6.7 (2014). cipher@SSH = -*-CBC key_exchange = ECDHE DHE DHE-RSA PSK DHE-PSK ECDHE-PSK ECDHE-GSS DHE-GSS protocol@TLS = TLS1.3 TLS1.2 DTLS1.2 protocol@IKE = IKEv2 # Parameter sizes min_dh_size = 3072 min_dsa_size = 3072 # DSA is disabled min_rsa_size = 3072 # GnuTLS only for now sha1_in_certs = 0 arbitrary_dh_groups = 1 ssh_certs = 1 etm@ssh = ANY
Simpan
Batal
Isi Zip:
Unzip
Create
Buat Folder
Buat File
Terminal / Execute
Run
Chmod Bulk
All File
All Folder
All File dan Folder
Apply