Difference between revisions of "Suite B"
(→Full Title or Meme) |
|||
| Line 2: | Line 2: | ||
A list of the cryptographic algorithms that are approved for use in the US Federal Government. | A list of the cryptographic algorithms that are approved for use in the US Federal Government. | ||
| − | ==Replacements | + | ==Replacements== |
* [https://media.defense.gov/2022/Sep/07/2003071834/-1/-1/0/CSA_CNSA_2.0_ALGORITHMS_.PDF ed the “Commercial National Security Algorithm Suite 2.0” (CNSA 2.0) Cybersecurity Advisory (CSA)} | * [https://media.defense.gov/2022/Sep/07/2003071834/-1/-1/0/CSA_CNSA_2.0_ALGORITHMS_.PDF ed the “Commercial National Security Algorithm Suite 2.0” (CNSA 2.0) Cybersecurity Advisory (CSA)} | ||
===CNSA version 1.0=== | ===CNSA version 1.0=== | ||
| Line 37: | Line 37: | ||
Web site: https://pomcor.com | Web site: https://pomcor.com | ||
</pre> | </pre> | ||
| + | |||
==References== | ==References== | ||
[[Category: Cryptography]] | [[Category: Cryptography]] | ||
Revision as of 13:55, 6 October 2022
Full Title or Meme
A list of the cryptographic algorithms that are approved for use in the US Federal Government.
Replacements
- [https://media.defense.gov/2022/Sep/07/2003071834/-1/-1/0/CSA_CNSA_2.0_ALGORITHMS_.PDF ed the “Commercial National Security Algorithm Suite 2.0” (CNSA 2.0) Cybersecurity Advisory (CSA)}
CNSA version 1.0
In 2015 the NSA abruptly replaced "Suite B" with a "CNSA Suite", saying that "the growth of elliptic curve use has bumped up against the fact of continued progress in the research on Quantum Computing Threat, which has made it clear that elliptic curve cryptography is not the long term solution many once hoped it would be." This gave rise to much speculation on possible motives for the switch. In January, NSA published a long list of FAQs that discussed those motives in detail, and called for an effort to standardize quantum-resistant cryptographic algorithms. Earlier this month, NIST published a Report on Post-Quantum Cryptography that announces such a standardization effort.
I have written a blog post summarizing last summer's announcement and the FAQs, with links to all the documents.
The FAQs make sense, but do not explain one detail: why DSA has been omitted from the CNSA Suite. In the blog post I argue that DSA is being dropped at the wrong time. Another omission in the CNSA Suite is the requirement to provide forward secrecy in key establishment that was present in Suite B. Surprisingly, this comes at a time when forward secrecy is becoming the norm on the web.
Francisco Corella, PhD Founder & CTO, Pomcor Phone: +1.619.770.6765 Email: fcorella@pomcor.com Twitter: @fcorella Blog: https://pomcor.com/blog/ Web site: https://pomcor.com
