Author: synonymous2, Posted: Thu Nov 18, 2010 10:30 pm Post subject: Is RC4 and MD5 PCI-compliant? ---- I'm trying to set up a web server according to PCI 1.2. Can this server have RC4 cipher and MD5 hashes enabled? The "Strong cryptography" does not specify this explicitly.
Author: krugger, Posted: Fri Nov 19, 2010 1:30 pm Post subject: ---- The whole idea of not chosing a explicit algorithm is to allow people to choose what suits them and make the standard last longer.
So you should try and and get something stronger than RC4/MD5.
Author: Fire Ant, Location: LondonPosted: Fri Nov 19, 2010 11:01 pm Post subject: ---- Hi synonymous2,
PCI is not a technical specification. Although it does make technical recommendations such as not using WEP.
For technical guidance with regards to cryptographic algorithms I suggest you look at NIST FIPS 140-2 Approved algorithms.