Hacker News

It could have to do with the NSA's August 2015 plan for transitioning to quantum-resistant algorithms. In their new Commercial National Security Algorithm (CNSA) Suite, they advise a minimum 3072-bit RSA modulus:

https://www.iad.gov/iad/programs/iad-initiatives/cnsa-suite....

(Doh... I don't know why I'm getting an invalid certificate authority error when trying to access that site, but Qualys SSL Labs confirms it's a real error. Yikes.)
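The comment above quotes the CNSA Suite's 3072-bit minimum RSA modulus. The following is an added example, not code from the thread, from NSA or from any project mentioned here: a small Go checker that parses a PEM certificate chain and flags any key that falls below that minimum. It assumes, beyond what the comment states, that the suite's elliptic-curve option is P-384 (ECDSA/ECDH), and it uses self-signed throwaway certificates built in `main` as constructed fixtures rather than any real CA's certificate.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// CNSA Suite key rules. The 3072-bit RSA floor is the figure quoted in the
// thread; P-384 as the ECDSA/ECDH curve is an assumption stated in the lead-in.
const (
	cnsaMinRSABits = 3072
	cnsaCurve      = "P-384"
)

// Finding records the verdict for one certificate's public key.
type Finding struct {
	Subject string
	Algo    string
	Bits    int
	OK      bool
	Reason  string
}

// CheckKey applies the CNSA key rules to an already-parsed public key.
func CheckKey(pub crypto.PublicKey) (algo string, bits int, ok bool, reason string) {
	switch k := pub.(type) {
	case *rsa.PublicKey:
		bits = k.N.BitLen()
		if bits < cnsaMinRSABits {
			return "RSA", bits, false, fmt.Sprintf("modulus is %d bits, below the %d-bit minimum", bits, cnsaMinRSABits)
		}
		return "RSA", bits, true, ""
	case *ecdsa.PublicKey:
		name, bits := k.Curve.Params().Name, k.Curve.Params().BitSize
		if name != cnsaCurve {
			return "ECDSA", bits, false, fmt.Sprintf("curve %s is not %s", name, cnsaCurve)
		}
		return "ECDSA", bits, true, ""
	default:
		return fmt.Sprintf("%T", pub), 0, false, "algorithm is not in the CNSA Suite"
	}
}

// CheckChainPEM walks every CERTIFICATE block in pemData (leaf first, as a
// server sends it) and checks each key. Only parse failures are errors;
// policy failures are reported per certificate in the returned findings.
func CheckChainPEM(pemData []byte) ([]Finding, error) {
	var out []Finding
	for rest := pemData; ; {
		var block *pem.Block
		if block, rest = pem.Decode(rest); block == nil {
			break
		}
		if block.Type != "CERTIFICATE" {
			continue
		}
		cert, err := x509.ParseCertificate(block.Bytes)
		if err != nil {
			return nil, err
		}
		algo, bits, ok, reason := CheckKey(cert.PublicKey)
		out = append(out, Finding{cert.Subject.CommonName, algo, bits, ok, reason})
	}
	if len(out) == 0 {
		return nil, errors.New("no CERTIFICATE blocks found")
	}
	return out, nil
}

// SelfSignedPEM builds a throwaway self-signed certificate for priv so the
// checker can run offline. It is a constructed fixture, not a real CA cert.
func SelfSignedPEM(cn string, priv crypto.Signer) ([]byte, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now(),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, priv.Public(), priv)
	if err != nil {
		return nil, err
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), nil
}

func main() {
	rsa2048, _ := rsa.GenerateKey(rand.Reader, 2048)
	rsa3072, _ := rsa.GenerateKey(rand.Reader, 3072)
	p384, _ := ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
	fixtures := []struct {
		cn  string
		key crypto.Signer
	}{{"legacy-rsa-2048", rsa2048}, {"cnsa-rsa-3072", rsa3072}, {"cnsa-p384", p384}}
	var chain []byte
	for _, f := range fixtures {
		p, err := SelfSignedPEM(f.cn, f.key)
		if err != nil {
			panic(err)
		}
		chain = append(chain, p...)
	}
	findings, err := CheckChainPEM(chain)
	if err != nil {
		panic(err)
	}
	for _, f := range findings {
		status := "OK"
		if !f.OK {
			status = "FAIL: " + f.Reason
		}
		fmt.Printf("%-16s %-6s %4d bits  %s\n", f.Subject, f.Algo, f.Bits, status)
	}
}
```

To run it against a real site, replace the fixture chain with the PEM output of `openssl s_client -showcerts`; the checker reads every certificate in the chain, so an intermediate or root with a short modulus is flagged too, which is what you want, since the weakest key in the path bounds the whole chain.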



The certificate is issued by the DOD's internal CA. Not sure why they're using one for a public facing site though.


They're DOD so why not. There's a lot of them that do. What confused me was that browsers in the US didn't trust DOD PKI... probably quite reliable... while they have plenty of shady, less-secure CAs on their list.


Also: with quantum computing still in its infancy, how do we actually know which types of keys would be adequate?


Koblitz and Menezes explore various theories about the NSA's new policy in their paper, A Riddle Wrapped In An Enigma:

https://eprint.iacr.org/2015/1018.pdf


For anyone reading the thread, this is an absolute must-read paper if you're at all interested in the near-future of production cryptosystems in high-risk settings.


Not a direct answer to your question, but http://pqcrypto.org has a lot of great information on post-quantum crypto.


I did not read it due to the certificate problem. Could someone post an abstract here?
