KoalaFacts · ldsenow · Oct 28, 2025 · Oct 28, 2025 · Oct 28, 2025 · Oct 28, 2025
diff --git a/src/HeroCrypt/Security/InputValidator.cs b/src/HeroCrypt/Security/InputValidator.cs
@@ -16,9 +16,9 @@ public static class InputValidator
     public const int MaxKeySizeBits = 16384; // 16KB keys
 
     /// <summary>
-    /// Minimum secure key size in bits
+    /// Minimum secure key size in bits (2048 bits per NIST recommendations)
     /// </summary>
-    public const int MinSecureKeySizeBits = 1024;
+    public const int MinSecureKeySizeBits = 2048;
 
     /// <summary>
     /// Maximum allowed iteration count for key derivation
@@ -69,12 +69,12 @@ public static void ValidateRsaKeySize(int keySizeBits, string parameterName)
             throw new ArgumentException($"RSA key size {keySizeBits} must be a multiple of 8", parameterName);
 
         // Ensure key size is reasonable (power of 2 or common sizes)
-        var commonSizes = new[] { 1024, 2048, 3072, 4096, 8192, 16384 };
+        var commonSizes = new[] { 2048, 3072, 4096, 8192, 16384 };
         if (!commonSizes.Contains(keySizeBits))
         {
             // Allow other sizes but warn if they're not common
             if (!IsPowerOfTwo(keySizeBits) && keySizeBits % 1024 != 0)
-                throw new ArgumentException($"RSA key size {keySizeBits} is not a standard size. Use 1024, 2048, 3072, 4096, 8192, or 16384", parameterName);
+                throw new ArgumentException($"RSA key size {keySizeBits} is not a standard size. Use 2048, 3072, 4096, 8192, or 16384", parameterName);
         }
     }
 

diff --git a/src/HeroCrypt/Services/Blake2bHashingService.cs b/src/HeroCrypt/Services/Blake2bHashingService.cs
@@ -11,19 +11,15 @@ namespace HeroCrypt.Services;
 public class Blake2bHashingService : IBlake2bService
 {
     private readonly ILogger<Blake2bHashingService>? _logger;
-    private readonly ISecureMemoryManager? _memoryManager;
 
     /// <summary>
     /// Initializes a new instance of the Blake2bHashingService.
     /// </summary>
     /// <param name="logger">Optional logger for operation tracking.</param>
-    /// <param name="memoryManager">Optional secure memory manager for handling sensitive data.</param>
     public Blake2bHashingService(
-        ILogger<Blake2bHashingService>? logger = null,
-        ISecureMemoryManager? memoryManager = null)
+        ILogger<Blake2bHashingService>? logger = null)
     {
         _logger = logger;
-        _memoryManager = memoryManager;
     }
 
     /// <inheritdoc/>

diff --git a/src/HeroCrypt/Services/CryptographicKeyGenerationService.cs b/src/HeroCrypt/Services/CryptographicKeyGenerationService.cs
@@ -13,20 +13,16 @@ namespace HeroCrypt.Services;
 public sealed class CryptographicKeyGenerationService : ICryptographicKeyGenerationService
 {
     private readonly ILogger<CryptographicKeyGenerationService>? _logger;
-    private readonly ISecureMemoryManager? _memoryManager;
     private readonly RandomNumberGenerator _rng;
 
     /// <summary>
     /// Initializes a new instance of the cryptographic key generation service
     /// </summary>
     /// <param name="logger">Optional logger instance</param>
-    /// <param name="memoryManager">Optional secure memory manager</param>
     public CryptographicKeyGenerationService(
-        ILogger<CryptographicKeyGenerationService>? logger = null,
-        ISecureMemoryManager? memoryManager = null)
+        ILogger<CryptographicKeyGenerationService>? logger = null)
     {
         _logger = logger;
-        _memoryManager = memoryManager;
         _rng = RandomNumberGenerator.Create();
 
         _logger?.LogDebug("Cryptographic Key Generation Service initialized");

diff --git a/src/HeroCrypt/Services/RsaDigitalSignatureService.cs b/src/HeroCrypt/Services/RsaDigitalSignatureService.cs
@@ -12,25 +12,21 @@ namespace HeroCrypt.Services;
 public sealed class RsaDigitalSignatureService : IDigitalSignatureService
 {
     private readonly ILogger<RsaDigitalSignatureService>? _logger;
-    private readonly ISecureMemoryManager? _memoryManager;
     private readonly int _keySize;
 
     /// <summary>
     /// Initializes a new instance of the RSA digital signature service
     /// </summary>
     /// <param name="keySize">RSA key size in bits (default: 2048)</param>
     /// <param name="logger">Optional logger instance</param>
-    /// <param name="memoryManager">Optional secure memory manager</param>
     public RsaDigitalSignatureService(
         int keySize = 2048,
-        ILogger<RsaDigitalSignatureService>? logger = null,
-        ISecureMemoryManager? memoryManager = null)
+        ILogger<RsaDigitalSignatureService>? logger = null)
     {
         InputValidator.ValidateRsaKeySize(keySize, nameof(keySize));
 
         _keySize = keySize;
         _logger = logger;
-        _memoryManager = memoryManager;
 
         _logger?.LogDebug("RSA Digital Signature Service initialized with {KeySize}-bit keys", keySize);
     }