Security News
The U.S. Department of Commerce's National Institute of Standards and Technology has chosen the first group of quantum-resistant encryption tools, designed to withstand the assault of a future quantum computer, which could potentially crack the security used to protect privacy in the digital systems we rely on every day - such as online banking and email software. This Help Net Security video covers the highlights of four encryption algorithms selected by NIST..
The U.S. Department of Commerce's National Institute of Standards and Technology has chosen the first set of quantum-resistant encryption algorithms that are designed to "Withstand the assault of a future quantum computer." Quantum computers, should they mature enough, pose a huge impact on the current public-key algorithms, since what could take, say, trillions of years on a conventional computer to find the right key to decode a message could merely take days or hours, rendering them susceptible to brute-force attacks.
The Department of Commerce's National Institute of Standards and Technology has chosen four encryption algorithms that are designed to withstand the hacking of a future quantum computer and protect digital information. NIST said all four of the algorithms were created by experts collaborating from multiple countries and institutions.
NIST's post-quantum computing cryptography standard process is entering its final phases. For general encryption, used when we access secure websites, NIST has selected the CRYSTALS-Kyber algorithm.
The four selected encryption algorithms will become part of NIST's post-quantum cryptographic standard, expected to be finalized in about two years. To counter this threat, the four quantum-resistant algorithms rely on math problems that both conventional and quantum computers should have difficulty solving, thereby defending privacy both now and down the road. The quantum-resistant encryption algorithms are designed for two main tasks for which encryption is typically used: general encryption, used to protect information exchanged across a public network; and digital signatures, used for identity authentication.
Cybersecurity firms are particularly interested in people who understand the RMF, or Risk Management Framework - a U.S. government guideline for taking care of data. The NIST Cybersecurity & Risk Management Frameworks Course helps you understand this topic, with over 21 hours of video instruction.
Abstract: In recent decades, the U.S. National Institute of Standards and Technology, which develops cryptographic standards for non-national security agencies of the U.S. government, has emerged as the de facto international source for cryptographic standards. Edward Snowden disclosed that the National Security Agency had subverted the integrity of a NIST cryptographic standardthe Dual EC DRBGenabling easy decryption of supposedly secured communications.
Even if an organization has already brought its password policy in line with NIST's recommendations, it is a good idea to periodically revisit those recommendations since they do change over time. Not surprisingly, NIST no longer recommends scheduled password changes.
The NSA already has classified quantum-resistant algorithms of its own that it developed over many years, said Joyce. The agency's mathematicians worked with NIST to support the process, trying to crack the algorithms in order to test their merit.
The National Institute of Standards and Technology has updated its guidance document for helping organizations identify, assess and respond to cybersecurity risks throughout the supply chain. "The guidance helps organizations build cybersecurity supply chain risk considerations and requirements into their acquisition processes and highlights the importance of monitoring for risks. Because cybersecurity risks can arise at any point in the life cycle or any link in the supply chain, the guidance now considers potential vulnerabilities such as the sources of code within a product, for example, or retailers that carry it," NIST notes.