Loading EN-304-618.md +2 −31 Original line number Diff line number Diff line Loading @@ -2083,35 +2083,6 @@ Unprotected or unreliable time source mechanisms. - **R19.3**: SHALL maintain monotonic clock for security events - **R19.4**: SHALL implement time synchronization monitoring ### Capability Cryptographically secure random password generation with configurable parameters. ### Condition Password generator using predictable or weak randomness sources. ### Threat - **T7.1**: Predictable password generation enabling pre-computation attacks - **T7.2**: Insufficient entropy in generated passwords - **T7.3**: Side-channel leakage of generation parameters - **T7.4**: Compromise of random number generator state ### Risk **MEDIUM** - Weak password generation undermines security premise. Likelihood depends on implementation quality. ### Requirement - **R7.1**: SHALL use cryptographically secure random number generator (CSRNG) - **R7.2**: SHALL provide minimum 128 bits of entropy for generated passwords - **R7.3**: SHALL allow user-defined generation parameters - **R7.4**: SHALL implement secure random seed initialization - **R7.5**: SHALL NOT store or log generated passwords before user acceptance # Annex A: Risk Assessment for Deployment Models ## Annex A.1: Local Password Manager Risk Assessment Loading Loading @@ -2758,7 +2729,7 @@ purpose of this is to help identify missing technical security requirements.* | Secure by default configuration | R18.1a; R18.2; R18.3; | | Secure updates | R16.1a; R16.1b; R16.2; R16.3; R16.4; | | Authentication and access control mechanisms | R1.1; R1.5a; R11.1; R11.2; R11.3; R11.4a; R12.1; R12.2a; R12.2b; | | Confidentiality protection | | | Confidentiality protection | R2.1a; R2.5; R13.1; R13.2; R13.3; | | Integrity protection for data and configuration | | Data minimization | | | Availability protection | | Loading Loading
EN-304-618.md +2 −31 Original line number Diff line number Diff line Loading @@ -2083,35 +2083,6 @@ Unprotected or unreliable time source mechanisms. - **R19.3**: SHALL maintain monotonic clock for security events - **R19.4**: SHALL implement time synchronization monitoring ### Capability Cryptographically secure random password generation with configurable parameters. ### Condition Password generator using predictable or weak randomness sources. ### Threat - **T7.1**: Predictable password generation enabling pre-computation attacks - **T7.2**: Insufficient entropy in generated passwords - **T7.3**: Side-channel leakage of generation parameters - **T7.4**: Compromise of random number generator state ### Risk **MEDIUM** - Weak password generation undermines security premise. Likelihood depends on implementation quality. ### Requirement - **R7.1**: SHALL use cryptographically secure random number generator (CSRNG) - **R7.2**: SHALL provide minimum 128 bits of entropy for generated passwords - **R7.3**: SHALL allow user-defined generation parameters - **R7.4**: SHALL implement secure random seed initialization - **R7.5**: SHALL NOT store or log generated passwords before user acceptance # Annex A: Risk Assessment for Deployment Models ## Annex A.1: Local Password Manager Risk Assessment Loading Loading @@ -2758,7 +2729,7 @@ purpose of this is to help identify missing technical security requirements.* | Secure by default configuration | R18.1a; R18.2; R18.3; | | Secure updates | R16.1a; R16.1b; R16.2; R16.3; R16.4; | | Authentication and access control mechanisms | R1.1; R1.5a; R11.1; R11.2; R11.3; R11.4a; R12.1; R12.2a; R12.2b; | | Confidentiality protection | | | Confidentiality protection | R2.1a; R2.5; R13.1; R13.2; R13.3; | | Integrity protection for data and configuration | | Data minimization | | | Availability protection | | Loading
