Archive for the ‘Cryptography’ Category

Six Months Left for SHA1, Two-Key Triple DES and SKIPJACK

01 Jul

In a Discussion Paper titled “The Transitioning of Cryptographic Algorithms and Key Sizes” NIST summarizes which cryptographic algorithms will no longer be allowed in secure applications once 2010 is over.

Encryption Algorithms

Two-Key Triple DES and SKIPJACK will be disallowed on January 1, 2011.

Three-Key Triple DES and AES will continue to be allowed.

Signature Generation

New signatures of less than 112 bits in length, generated in support of data authentication or software and firmware tests, will be disallowed on January 1, 2011.

In addition to these changes, NIST will be looking for a number of other stringent requirements (as spelled out in NIST 186-3) for new validations from 2011 onward.

Random Number Generation

New validations must conform to SP 800-90 (HASH, HMAC, CTR, DUAL_EC) on or after January 1, 2011.

Key Agreement

New validations may no longer depend on untested Diffie-Hellman (DH) or MQV primitives on or after January 1, 2011. Instead, new validations must use SP 800-56A primitives or one of the specifically approved key derivation functions (KDFs).

Hashes

Unless keyed in the manner of a digital signature (see related section above), the use of SHA-1 hashes is disallowed on January 1, 2010 and beyond. Instead, digital signatures (essentially “keyed hashes”) or stronger hash algorithms such as SHA-224, SHA-256, SHA-384 or SHA-512 must be used.
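The encryption and signature generation rules above boil down to one test: does the algorithm (or, for a signature, the weaker of its key and hash) still deliver at least 112 bits of security strength on the cut-off date? The following is an added example, not code from the original post or from NIST, that applies that test to a small constructed inventory. The cut-off date and the 112-bit threshold come from the post; the per-algorithm strength figures (2TDEA and SKIPJACK at 80 bits, 3TDEA at 112, RSA-1024 at 80, RSA-2048 at 112, SHA-1 at 80 bits of collision resistance, and so on) are the standard NIST SP 800-57 estimates, which the post itself does not list. The `audit` function, the inventory layout and the entry names are assumptions made for the example.

```python
"""Check an inventory of cryptographic uses against the 2011 transition rules.

Added example, not part of the original post. Security-strength figures follow
NIST SP 800-57 Part 1 (assumption: not stated in the post).
"""
from datetime import date

CUTOFF = date(2011, 1, 1)            # transition date named in the post
BEFORE_CUTOFF = date(2010, 12, 31)   # last day the weaker algorithms are allowed
MIN_STRENGTH = 112                   # minimum security strength in bits, from the post

# Security strength of symmetric ciphers (SP 800-57 figures).
CIPHER_STRENGTH = {
    "2TDEA": 80,        # two-key Triple DES
    "SKIPJACK": 80,
    "3TDEA": 112,       # three-key Triple DES
    "AES-128": 128,
    "AES-192": 192,
    "AES-256": 256,
}

# Collision resistance of the hash inside a signature: half the digest length.
HASH_STRENGTH = {"SHA-1": 80, "SHA-224": 112, "SHA-256": 128, "SHA-384": 192, "SHA-512": 256}

# Smallest key size reaching each strength level, largest first (SP 800-57 figures).
RSA_LEVELS = [(15360, 256), (7680, 192), (3072, 128), (2048, 112), (1024, 80)]
ECDSA_LEVELS = [(512, 256), (384, 192), (256, 128), (224, 112), (160, 80)]


def key_strength(algorithm, key_bits):
    """Security strength of an RSA or ECDSA key; 0 if below the smallest tabulated size."""
    levels = {"RSA": RSA_LEVELS, "ECDSA": ECDSA_LEVELS}[algorithm]
    for min_bits, strength in levels:
        if key_bits >= min_bits:
            return strength
    return 0


def signature_strength(algorithm, key_bits, hash_name):
    """A signature is only as strong as the weaker of its key and its hash."""
    return min(key_strength(algorithm, key_bits), HASH_STRENGTH[hash_name])


def encryption_allowed(cipher, when):
    """Encryption rule: ciphers below 112 bits are disallowed from the cut-off date on."""
    return when < CUTOFF or CIPHER_STRENGTH[cipher] >= MIN_STRENGTH


def signature_generation_allowed(algorithm, key_bits, hash_name, when):
    """Signature rule: new signatures below 112 bits are disallowed from the cut-off date on."""
    return when < CUTOFF or signature_strength(algorithm, key_bits, hash_name) >= MIN_STRENGTH


def audit(inventory, when):
    """Return the names of inventory entries that are disallowed on the given date."""
    findings = []
    for entry in inventory:
        if entry["use"] == "encrypt":
            ok = encryption_allowed(entry["cipher"], when)
        else:
            ok = signature_generation_allowed(
                entry["algorithm"], entry["key_bits"], entry["hash"], when)
        if not ok:
            findings.append(entry["name"])
    return findings


# Constructed sample inventory for the example; not taken from any real system.
SAMPLE_INVENTORY = [
    {"name": "legacy-vpn", "use": "encrypt", "cipher": "2TDEA"},
    {"name": "backup-storage", "use": "encrypt", "cipher": "AES-256"},
    {"name": "firmware-signer", "use": "sign", "algorithm": "RSA", "key_bits": 1024, "hash": "SHA-1"},
    {"name": "code-signer", "use": "sign", "algorithm": "RSA", "key_bits": 2048, "hash": "SHA-1"},
    {"name": "tls-ca", "use": "sign", "algorithm": "RSA", "key_bits": 2048, "hash": "SHA-256"},
    {"name": "ec-signer", "use": "sign", "algorithm": "ECDSA", "key_bits": 224, "hash": "SHA-224"},
]

if __name__ == "__main__":
    print("Disallowed on", BEFORE_CUTOFF, audit(SAMPLE_INVENTORY, BEFORE_CUTOFF))
    print("Disallowed on", CUTOFF, audit(SAMPLE_INVENTORY, CUTOFF))
```

The `code-signer` entry shows why the hash matters as much as the key: RSA-2048 reaches 112 bits, but pairing it with SHA-1 drags the signature down to 80 bits, so it fails on the cut-off date even though the key size alone would pass.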


Posted in Cryptography, FIPS, Regulation