Security News

NIST Standardizes Ascon Cryptographic Algorithm for IoT and Other Lightweight Devices
2023-02-08 17:18

The U.S. National Institute of Standards and Technology has announced that a family of authenticated encryption and hashing algorithms known as Ascon will be standardized for lightweight cryptography applications. "The chosen algorithms are designed to protect information created and transmitted by the Internet of Things, including its myriad tiny sensors and actuators," NIST said.

NIST Is Updating Its Cybersecurity Framework
2023-01-30 12:13

NIST is planning a significant update of its Cybersecurity Framework. At this point, it's asking for feedback and comments to its concept paper.

Goodbye SHA-1: NIST Retires 27-Year-Old Widely Used Cryptographic Algorithm
2022-12-16 07:39

The U.S. National Institute of Standards and Technology, an agency within the Department of Commerce, announced Thursday that it's formally retiring the SHA-1 cryptographic algorithm. SHA-1, short for Secure Hash Algorithm 1, is a 27-year-old hash function used in cryptography and has since been deemed broken owing to the risk of collision attacks.

NIST says you better dump weak SHA-1 ... by 2030
2022-12-16 02:28

As soon as possible isn't necessarily all that soon: NIST says you should be rid of SHA-1 from your software and systems by December 31, 2030. SHA-1 is among seven hash algorithms approved for use in the Federal Information Processing Standard 180-4.

NIST Retires SHA-1 Cryptographic Algorithm
2022-12-15 16:31

The SHA-1 algorithm, one of the first widely used methods of protecting electronic information, has reached the end of its useful life, according to security experts at the National Institute of Standards and Technology (NIST). The agency is now recommending that IT professionals replace SHA-1, in the limited situations where it is still used, with newer algorithms that are more secure. “We recommend that anyone relying on SHA-1 for security migrate to SHA-2 or SHA-3 as soon as possible,” said NIST computer scientist Chris Celi.

Understanding NIST CSF to assess your organization's Ransomware readiness
2022-12-06 12:15

Ransomware attacks keep increasing in volume and impact largely due to organizations' weak security controls. Mid-market companies are targeted as they possess a significant amount of valuable...

NIST’s Post-Quantum Cryptography Standards
2022-08-08 11:20

Current quantum computers are still toy prototypes, and the engineering advances required to build a functionally useful quantum computer are somewhere between a few years away and impossible. The idea is to standardize on both a public-key encryption and digital signature algorithm that is resistant to quantum computing, well before anyone builds a useful quantum computer.

IBM puts NIST’s quantum-resistant crypto to work in Z16 mainframe
2022-07-27 06:30

IBM has started offering quantum-resistant crypto - using the quantum-resistant crypto recommended by the US National Institute of Standards and Technology. China is felt to be stealing data today, safe in the knowledge its future quantum computers will be able to decrypt it in the near future.

NIST unveils four quantum-resistant encryption tools to protect sensitive electronic information
2022-07-15 08:00

The U.S. Department of Commerce's National Institute of Standards and Technology has chosen the first group of quantum-resistant encryption tools, designed to withstand the assault of a future quantum computer, which could potentially crack the security used to protect privacy in the digital systems we rely on every day - such as online banking and email software. This Help Net Security video covers the highlights of four encryption algorithms selected by NIST..

NIST Announces First Four Quantum-Resistant Cryptographic Algorithms
2022-07-06 22:11

The U.S. Department of Commerce's National Institute of Standards and Technology has chosen the first set of quantum-resistant encryption algorithms that are designed to "Withstand the assault of a future quantum computer." Quantum computers, should they mature enough, pose a huge impact on the current public-key algorithms, since what could take, say, trillions of years on a conventional computer to find the right key to decode a message could merely take days or hours, rendering them susceptible to brute-force attacks.