Minimum Encryption Standards

Definitions:

Symmetric Cryptosystem:

A method of encryption in which the same key is used for both encryption and decryption of the data.

Asymmetric Cryptosystem:

A method of encryption in which two different but mathematically related keys are used: one for encrypting and one for decrypting the data (e.g., public-key encryption, where the public key encrypts and the corresponding private key decrypts).

One-way Hash Function:

An algorithm that does not require a key and maps input of any length to a fixed-length digest from which the input cannot practically be recovered. A hash is not encryption: there is no key and no decryption. Other names for this algorithm are message digest and fingerprint; a digital signature is computed over a hash but is not itself one, and a compression function is the internal building block of a hash, not a synonym for it.

A.  Restricted data which is encrypted and stored on Longwood-managed resources and/or systems must be protected with:

  • Symmetric cryptosystem keys of at least 128 bits
  • Asymmetric cryptosystem keys of a length that yields equivalent strength (asymmetric key sizes are not directly comparable to symmetric ones; use the comparable-strength tables published by NIST, e.g., SP 800-57, to pick the RSA/DH or ECC size that matches the symmetric floor)

B.  Restricted data which is encrypted by Longwood-managed resources and/or systems for transmission should use:

  • Web server certificates and web servers which support SSLv3/TLSv1 in strong encryption mode (128 bit or higher symmetric/bulk encryption, 1024 bit or higher public key encryption). These figures are a floor, not a target: SSLv3 and TLSv1 have since been formally deprecated (RFC 7568 and RFC 8996), so servers should prefer TLS 1.2 or later where clients support it.
    • For public facing resources: Certificates must be issued by a trusted certificate authority as approved by the Chief Information Officer.
    • For non-public facing resources: Self-signed certificates may only be used for the purpose of managing such resources.
  • SSL/TLS to wrap any cleartext protocol/service not encrypted via another method
  • SSH 2
  • Kerberos
  • PCAnywhere
  • PGP
  • Terminal Services
  • EAP, IPsec
  • WPA2
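The floors in sections A and B can be checked mechanically on the host side. The following is an added example, not part of the standard and not Longwood code: it builds a Python ssl context restricted to cipher suites with at least 128 bits of bulk-encryption strength, flags any suite that falls below the floor (or is broken despite meeting it, which the bit count alone will not catch), and looks up the asymmetric key size comparable to a symmetric floor. Assumptions, labelled in the comments: the comparable-strength figures are taken from NIST SP 800-57 Part 1 (the policy names no table), the minimum protocol version is set to TLS 1.2 rather than the SSLv3/TLSv1 the 2011 text allows, and the legacy cipher list is constructed sample data.

```python
"""Check a TLS configuration against the key-length floor in sections A and B."""
import ssl

# Assumption: comparable-strength table from NIST SP 800-57 Part 1, Table 2
# (the policy says "equivalent strength" but gives no numbers).
# symmetric bits -> (RSA/DH modulus bits, ECC key bits)
COMPARABLE_STRENGTH = {
    112: (2048, 224),
    128: (3072, 256),
    192: (7680, 384),
    256: (15360, 512),
}

# Suites that meet the 128-bit floor but are nonetheless broken or keyless;
# the bit count is necessary, not sufficient.
BROKEN_MARKERS = ("RC4", "MD5", "NULL", "EXP")

# Constructed sample: what a legacy server might report, in the same dict
# shape as SSLContext.get_ciphers() (only the keys we use are filled in).
LEGACY_SAMPLE = [
    {"name": "DES-CBC3-SHA", "strength_bits": 112},
    {"name": "RC4-SHA", "strength_bits": 128},
    {"name": "ECDHE-RSA-AES256-GCM-SHA384", "strength_bits": 256},
]


def asymmetric_floor(symmetric_bits):
    """Smallest (RSA/DH, ECC) key sizes giving at least symmetric_bits of strength."""
    for sym, keys in sorted(COMPARABLE_STRENGTH.items()):
        if sym >= symmetric_bits:
            return keys
    raise ValueError("no comparable key size for %d-bit symmetric strength" % symmetric_bits)


def noncompliant_ciphers(ciphers, min_bits=128):
    """Names of suites below the bulk-encryption floor or matching a broken marker.

    `ciphers` is a list of dicts as returned by SSLContext.get_ciphers();
    'strength_bits' is the effective key strength (112 for 3DES, not 168).
    """
    bad = []
    for c in ciphers:
        name = c["name"]
        weak = c["strength_bits"] < min_bits
        broken = any(marker in name for marker in BROKEN_MARKERS)
        if weak or broken:
            bad.append(name)
    return bad


def policy_context(purpose=ssl.Purpose.SERVER_AUTH):
    """An ssl.SSLContext restricted to suites that satisfy section B's floor."""
    ctx = ssl.create_default_context(purpose)
    # Assumption: TLS 1.2 floor. The 2011 text permits SSLv3/TLSv1, both since
    # deprecated (RFC 7568, RFC 8996); TLS 1.3 suites are all >= 128 bits.
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # HIGH = suites OpenSSL rates at >= 128 bits; additionally drop 3DES
    # (112 effective bits), single DES, RC4, MD5 MACs and anonymous/null suites.
    ctx.set_ciphers("HIGH:!aNULL:!eNULL:!MD5:!RC4:!3DES:!DES")
    return ctx


def check_context(ctx, min_bits=128):
    """Run the floor check over the suites the context would actually offer."""
    return noncompliant_ciphers(ctx.get_ciphers(), min_bits)


if __name__ == "__main__":
    print("128-bit symmetric needs RSA/DH, ECC of:", asymmetric_floor(128))
    print("legacy sample violations:", noncompliant_ciphers(LEGACY_SAMPLE))
    print("policy context violations:", check_context(policy_context()))
```

`check_context` reports what the local OpenSSL would offer, which is the server-side half of the check; the certificate's own key size (section B's 1024-bit minimum) still has to be read from the certificate itself.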

Approved by the Chief Information Officer, April 1, 2005.
Revised and approved by the Chief Information Officer, September 15, 2006.
Revised and approved by the Chief Information Officer, July 29, 2008.
Revised and approved by the Chief Information Officer, October 21, 2008.
Revised and approved by the Chief Information Officer, February 24, 2011.