Which of the following are not considered NGE cryptographic algorithms and should be avoided according to Cisco? (Select 2 choices.)
Diffie-Hellman (DH) with a 768-bit modulus (DH768) and DH with a 1,024-bit modulus (DH1024) are not considered Next Generation Encryption (NGE) cryptographic algorithms and should be avoided according to Cisco. NGE algorithms are a collection of cryptographic technologies that are efficient, scalable, and expected to provide reliable security for at least the next decade. Because of recent advances in computing power, many cryptographic algorithms no longer provide adequate security. DH768 and DH1024 do not provide a level of security that is likely to meet the confidentiality requirements of the enterprise over the next decade.
Increasing the modulus size used by an algorithm can provide a higher level of security; however, if the algorithm is inherently inefficient, the increased modulus size can adversely affect the performance of the device using the algorithm. For maximum security without using an NGE algorithm, Cisco recommends using DH with a 3,072-bit modulus (DH3072); however, because DH is not particularly efficient when configured with a large modulus, Cisco considers a 2,048-bit modulus an acceptable compromise between security and efficiency. Any modulus size less than 2,048 bits, such as 1,024 bits or 768 bits, is not considered to provide an acceptable level of security.
ECDH384, Secure Hash Algorithm (SHA) with a 256-bit digest (SHA256), and SHA with a 512-bit digest (SHA512) are all considered NGE cryptographic algorithms according to Cisco. SHA256 and SHA512 are components of the set of cryptographic algorithms known as SHA-2.