Skip to end of metadata
Go to start of metadata

1.0 Overview

The purpose of this policy is to provide guidance that limits the use of encryption to those algorithms that have received substantial public review and have been proven to work effectively. Additionally, this policy provides direction to ensure that Federal regulations are followed, and legal authority is granted for the dissemination and use of encryption technologies outside of the United States.

2.0 Purpose

3.0 Scope

This policy applies to all Clarkson University employees and affiliates. 

4.0 Policy

Proven, standard algorithms such as DES, Blowfish, RSA, RC5, SHA1 and IDEA should be used as the basis for encryption technologies. These algorithms represent the actual cipher used for an approved application. For example, Network Associate's Pretty Good Privacy (PGP) uses a combination of IDEA and RSA or Diffie-Hellman, while Secure Socket Layer (SSL) uses RSA encryption.

Key lengths are very important when considering the relative degree of security provided by an encryption scheme.  Longer keys generally provide a higher level of security.  Symmetric cryptosystem key lengths must be at least 128 bits. Asymmetric cryptosystem keys must be at least 1024 bits.  Clarkson University’s key length requirements will be reviewed annually and increased as technology allows.

The use of proprietary encryption algorithms is not allowed for any purpose, unless reviewed by qualified experts outside of the vendor in question and approved by the Network Security Engineer.

All users should be aware that the export of encryption technologies is restricted by the U.S. Government. Residents of countries other than the United States should make themselves aware of the encryption technology laws of the country in which they reside.

5.0 Enforcement

6.0 Definitions