Security answers required for Dwolla integration

Can anyone answer the questions on the Dwolla form?

  • Data encryption in transit: Encrypted with TLS 1.2 or greater?
  • Passwords: Salted with a random value before hashing? (believe yes)
  • Passwords: Usage of a work-factor based (KDF) hashing function consistent with Dwolla’s baseline parameters in the integration guide?
  • Data encryption at rest: Encrypted with AES128 or AES 256, using a cipher mode other than ECB?
  • Data encryption at rest: Encrypted with ChaCha/Poly?
  • Data encryption at rest: Encrypted with NaCl Library?
  • Data encryption at rest: Encryption keys are rotated at least annually (key wrapping is okay)?

Thanks for any direct answers to these questions!