Hi All
A great day indeed:
ML-KEM (formerly Kyber):
https://lnkd.in/eFfWjpqA
ML-DSA (formerly Dilithium):
https://lnkd.in/edAyb3ZX
SLH-DSA (formerly SPHINCS+):
https://lnkd.in/eJZfvZmq
Regards
Caute_Cautim
It will be a better day when the encryption standards have been incorporated into the various protocols (looking at you, TLS) and vendors start implementing them so that we can enable it as an option.
I look at this development as moving from fear-mongering to vaporware. Next comes prototypes, beta releases, full releases, deprecation of the old stuff and finally end-of-life for the old stuff.
Hi @denbesten, the real panic will occur when RSA is broken by Quantum Computers, then all payment systems around the world will go into a spin - as the majority of them use them for Blockchain, Bitcoin, cryptocurrency exchanges, Telecommunications, Medical devices and then add Public Key Infrastructure (PKI) suddenly redundant. The warning is there: prepare to be Crypto Agile, and find out where your current cryptographic algorithms are resident within applications, systems and devices - build a Cryptographic Bill of Materials (CBOM) and start planning.
State Nations are already stepping up actions against others, doing the Harvest Now Decrypt Later (HNDL) game; it is only a matter of time before this occurs.
Remember it took the Payment Industry six years to convert from SSL to TLS V1.2 - so this is good notification, rather than waiting for panic to set in, when it is far too late.
Regards
Caute_Cautim
Agree that there is an arms-race here. The limitation for those at my pay-grade is that I must depend upon my software suppliers, web site owners, etc. to do their part. My contribution boils down to "keep current with patches and updates, much like any other upgrade."
@denbesten Let's hope that someone is strategizing and envisaging the near future.
Regards
Caute_Cautim
I agree that we’re definitely in an arms race here. The challenge for those of us at my level is that we rely heavily on our software providers, website administrators, and others to uphold their end of the bargain. My role largely comes down to keeping current with patches and updates, GBWA , much like managing any other kind of upgrade.
@michaljordan @denbesten There is nothing wrong in directing communications to those responsible to ask the question how is this company preparing for Post Quantum Cryptography (PQC)? The worst they can do is bite your head off, or provide a snide remark or simply ignore your question.
Perhaps it may prompt a conversation, and lead to other things to some positive outcomes.
There are plenty of papers within this community, which have been written by various industries including the Telecommunications and Banking sectors. I am sure I could dig out many more.
Regards
Caute_Cautim
This is a huge step forward! The release of these post-quantum encryption standards is a major milestone in protecting data against future quantum threats. It's great to see NIST leading the way in this crucial area, and I completely agree that transitioning to these new standards should be a top priority for system administrators. It’s a forward-thinking move that will help safeguard everything from sensitive communications to financial transactions in the years to come.
@JohnMansoryyy As long as organisations take action and do something about it and not leave it until the Chinese have officially broken public key cryptography using Quantum Computing, as all hell will break loose in panic mode.... which is definitely not good at all.
Regards
Caute_Cautim
The release of the first three finalized post-quantum encryption standards by NIST is a significant step toward securing digital systems against the future threat of quantum computing. These standards will enhance data protection and ensure cybersecurity resilience. Just as a grease pump maintains machinery efficiency by delivering precise lubrication, these encryption standards are crucial for safeguarding sensitive information and maintaining the integrity of digital communications in the quantum era.