8. Security Considerations
Key Security Points
8.1 Key Selection
- Use sufficiently long keys
- Follow algorithm-specific key size requirements
- RSA: Minimum 2048 bits
- HMAC: At least the same size as hash output
8.2 Random Number Generation
- Use cryptographically secure random number generators
- Ensure sufficient entropy
8.3 Algorithm Selection
- Prioritize recommended algorithms
- Avoid deprecated or algorithms with known weaknesses
- RSA1_5 has Bleichenbacher attack vulnerability
8.4 Timing Attack Protection
- HMAC verification uses constant-time comparison
- Avoid leaking timing information
8.5 "none" Algorithm Warning
- Do not accept Unsecured JWS by default
- Use only when explicitly needed
- Implementations MUST require explicit enabling
8.6 Key Management
- Properly protect private and symmetric keys
- Use appropriate key distribution mechanisms
- Consider key rotation strategies
8.7 Encryption Considerations
- Use authenticated encryption
- Validate AAD (Additional Authenticated Data)
- Properly handle initialization vectors
Implementation Recommendations:
- Keep libraries and algorithm implementations updated
- Follow latest security best practices
- Regularly review security advisories and errata