https://community.isc2.org/t5/Industry-News/Impact-of-Quantum-Computing-on-Cryptography/m-p/69376#M6849 <P>Hi <a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/1378968949">@tolda3000</a>&nbsp;&nbsp; If you do a search on the community, I have been posting updates in various places to raise awareness for some time.&nbsp; Please feel free to read, digest, comment or add to the growing collection of articles and references.</P><P>&nbsp;</P><P>I agree, spinning tires and waiting for the official release of the NIST approved PQC algorithms is possible a month or two away, but once it hits the road, everyone should be taking it seriously.</P><P>&nbsp;</P><P>We don't want another SSL V2 migration to TLS V1.2 issue to turn up (it took six years, two of which they rejected it) because, it will be far too late, for organisations to do their own crypto analysis, and prepare for the multitude of changes required including Key Management systems too.&nbsp; This is significant.</P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_Cautim</P><P>&nbsp;</P><P>&nbsp;</P> Thu, 11 Apr 2024 04:53:34 GMT Caute_cautim 2024-04-11T04:53:34Z https://community.isc2.org/t5/Industry-News/Impact-of-Quantum-Computing-on-Cryptography/m-p/69369#M6847 <P>Hi All</P><P>&nbsp;</P><UL class=""><LI>The impact of quantum computing on cryptography poses a <STRONG>serious threat</STRONG> <span class="lia-unicode-emoji" title=":warning:">⚠️</span> to the sustainability of a <STRONG>secure digital society</STRONG>.</LI><LI>This risk <STRONG>could be realized </STRONG>when there is a <STRONG>sufficiently powerful quantum computer </STRONG><span class="lia-unicode-emoji" title=":desktop_computer:">🖥</span>️, estimated throughout the <STRONG>2030s</STRONG> if there is no acceleration in development; or before, due to the emergence of previously unidentified vulnerabilities, or improvements in classical cryptoanalysis.</LI><LI><STRONG>Cryptography management</STRONG> has traditionally been a <STRONG>complex, undermanaged issue</STRONG>. In general, companies 🧑‍<span class="lia-unicode-emoji" title=":laptop_computer:">💻</span> are not able to quickly modify their cryptographic algorithms.</LI><LI>There is a great <STRONG>global </STRONG><span class="lia-unicode-emoji" title=":globe_showing_europe_africa:">🌍</span><STRONG>effort</STRONG> to <STRONG>standardize</STRONG> and <STRONG>adopt secure cryptography </STRONG>against quantum computing, as well as to <STRONG>improve cryptography management </STRONG>in organizations. This effort is also reflected in various <STRONG>regulations</STRONG>, which establish in 2025 the first milestones of improvement and transition.</LI></UL><P><A href="https://medium.com/be-tech-with-santander/impact-of-quantum-computing-on-cryptography-953db076651b" target="_blank" rel="noopener">https://medium.com/be-tech-with-santander/impact-of-quantum-computing-on-cryptography-953db076651b</A></P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_Cautim</P><P>&nbsp;</P><P>&nbsp;</P> Thu, 11 Apr 2024 00:44:11 GMT https://community.isc2.org/t5/Industry-News/Impact-of-Quantum-Computing-on-Cryptography/m-p/69369#M6847 Caute_cautim 2024-04-11T00:44:11Z https://community.isc2.org/t5/Industry-News/Impact-of-Quantum-Computing-on-Cryptography/m-p/69372#M6848 <P>Thanks for posting! I agree, InfoSec staff should already be planing for the eventuality of quantum computing, as well as, other emerging technologies that will render current encryption standards irrelevant. An ad-hoc search doesn't yield as many recent results as I would like to see...disconcerting to say the least!</P><P>&nbsp;</P><P>At least NIST has published a few articles that could give CISOs, CISSPs, and security teams a place to start.&nbsp;</P><P>&nbsp;</P><P>This is a bit dated:&nbsp;<FONT size="4">NIST Announces First Four Quantum-Resistant Cryptographic Algorithms</FONT></P><P><A href="https://www.nist.gov/news-events/news/2022/07/nist-announces-first-four-quantum-resistant-cryptographic-algorithms" target="_blank" rel="noopener">https://www.nist.gov/news-events/news/2022/07/nist-announces-first-four-quantum-resistant-cryptographic-algorithms</A></P><P>&nbsp;</P><P>Here is a more recent article: NIST to Standardize Encryption Algorithms That Can Resist Attack by Quantum Computers -- Three new algorithms are expected to be ready for use in 2024. Others will follow.<BR />August 24, 2023</P><P>&nbsp;</P><P>Each new publication is a draft Federal Information Processing Standard (FIPS) concerning one of the four algorithms NIST selected in July 2022:&nbsp;</P><UL><LI>CRYSTALS-Kyber, designed for general encryption purposes such as creating secure websites, is covered in<SPAN>&nbsp;</SPAN><A href="https://csrc.nist.gov/pubs/fips/203/ipd" target="_blank" rel="noopener">FIPS 203</A>.&nbsp;</LI><LI>CRYSTALS-Dilithium, designed to protect the digital signatures we use when signing documents remotely, is covered in<SPAN>&nbsp;</SPAN><A href="https://csrc.nist.gov/pubs/fips/204/ipd" target="_blank" rel="noopener">FIPS 204</A>.</LI><LI>SPHINCS+, also designed&nbsp;for digital signatures, is covered in<SPAN>&nbsp;</SPAN><A href="https://csrc.nist.gov/pubs/fips/205/ipd" target="_blank" rel="noopener">FIPS 205</A>.</LI><LI>FALCON, also designed for digital signatures, is slated to receive its own draft FIPS in 2024.</LI></UL><P><SPAN>Two of the three post-quantum methods for digital signatures selected thus far are based on a single mathematical idea called&nbsp;</SPAN><A title="NIST Reveals 26 Algorithms Advancing to the Post-Quantum Crypto ‘Semifinals’" href="https://www.nist.gov/news-events/news/2019/01/nist-reveals-26-algorithms-advancing-post-quantum-crypto-semifinals" target="_blank" rel="noopener">structured lattices</A><SPAN>.&nbsp;</SPAN></P><P>&nbsp;</P><P><A href="https://www.nist.gov/news-events/news/2023/08/nist-standardize-encryption-algorithms-can-resist-attack-quantum-computers" target="_blank" rel="noopener">https://www.nist.gov/news-events/news/2023/08/nist-standardize-encryption-algorithms-can-resist-attack-quantum-computers</A></P><P>&nbsp;</P> Thu, 11 Apr 2024 04:13:25 GMT https://community.isc2.org/t5/Industry-News/Impact-of-Quantum-Computing-on-Cryptography/m-p/69372#M6848 tolda3000 2024-04-11T04:13:25Z https://community.isc2.org/t5/Industry-News/Impact-of-Quantum-Computing-on-Cryptography/m-p/69376#M6849 <P>Hi <a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/1378968949">@tolda3000</a>&nbsp;&nbsp; If you do a search on the community, I have been posting updates in various places to raise awareness for some time.&nbsp; Please feel free to read, digest, comment or add to the growing collection of articles and references.</P><P>&nbsp;</P><P>I agree, spinning tires and waiting for the official release of the NIST approved PQC algorithms is possible a month or two away, but once it hits the road, everyone should be taking it seriously.</P><P>&nbsp;</P><P>We don't want another SSL V2 migration to TLS V1.2 issue to turn up (it took six years, two of which they rejected it) because, it will be far too late, for organisations to do their own crypto analysis, and prepare for the multitude of changes required including Key Management systems too.&nbsp; This is significant.</P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_Cautim</P><P>&nbsp;</P><P>&nbsp;</P> Thu, 11 Apr 2024 04:53:34 GMT https://community.isc2.org/t5/Industry-News/Impact-of-Quantum-Computing-on-Cryptography/m-p/69376#M6849 Caute_cautim 2024-04-11T04:53:34Z https://community.isc2.org/t5/Industry-News/Impact-of-Quantum-Computing-on-Cryptography/m-p/69377#M6850 I still have night terrors about SSL/TLS migration and experienced the same resistance, state and local govt agencies, to upgrading. 80/20 rule very well applied. Thank you for guiding me to your posts, I’m new to the ISC2 boards, I WILL find your articles and get caught up, promise! Hopefully I can help raise awareness and inspire security advocates to elevate discussion on this subject. Be well! Thu, 11 Apr 2024 05:28:38 GMT https://community.isc2.org/t5/Industry-News/Impact-of-Quantum-Computing-on-Cryptography/m-p/69377#M6850 tolda3000 2024-04-11T05:28:38Z