QryptoCyber

CBOM anyone? Until we integrate into SBOMs, it looks like CBOMs are going to be a thing. It's what we do. https://lnkd.in/dGQq94k3

NIST has spoken. RSA and ECDSA are banned from 2035. Also, key lengths offering 112-bit security are deprecated (but not banned) after 2030. This includes 2048-bit RSA and 224-bit ECDSA. The new rules are from NIST IR 8547, which was just released for public comments. The 2035 date is no surprise since it matches the deadline already given to federal agencies to complete their migrations. The main symmetric algorithms are unaffected, as they provide at least 128 bits of security. NIST IR 8547 is a 29-page document, but other than the timeline announcement, there’s nothing new to read. Page 13 is where you find the good stuff. View the whole doc here: https://lnkd.in/eUuCE8ZU. The clock is ticking! Ten years to go… 🔥 Join over 1,000 cyber professionals who subscribe to my free weekly newsletter: chasingcyber.com 🔥 #quantum #cybersecurity #cryptography #pqc #nist

"2030 is the deadline for the deprecation of legacy encryption algorithms The clock is ticking on widely-used digital signature and general encryption algorithms like RSA, ECDSA, EdDSA, DH, and ECDH. NIST has set an official timeline for phasing out these quantum-vulnerable methods. By 2030, these algorithms will be deprecated, and by 2035, they’ll be entirely disallowed." https://lnkd.in/emTvGAFv

"NIST also points out that transitioning from algorithm standardization to full integration into information systems can take anywhere between 10 to 20 years. Given the time it takes and the rise of “harvest now, decrypt later” attacks, it’s more important than ever for organizations to start preparing for post-quantum cryptography (PQC) now. " https://lnkd.in/ewNHYJkM

"Assessment of current cryptographic systems: Enterprises need to conduct thorough audits of their current cryptographic systems to identify vulnerabilities that could be exploited by quantum-enabled attacks. This includes evaluating the cryptographic algorithms in use, the types of data they protect and the duration for which the data needs to remain secure." https://lnkd.in/eUDucbkh

General Dynamics Information Technology (GDIT) has become the first systems integrator to join the National Institute of Standards and Technology’s (NIST) post-quantum cryptography (PQC) consortium, the company announced on Monday.   https://lnkd.in/e7V7tHU6

"While there is no evidence that a quantum computer powerful enough to break the public key cryptography in use throughout AWS exists today, we are not waiting. We would rather put protections in place now to protect the security of our customers’ data into the future." https://lnkd.in/e8-tTYsF

“When you think about what IoT devices typically are, you may wonder why security is needed for them,” Harrison said. “But looking at what IoT devices are used for, a lot of them safety-critical and different types of applications. So having security within IoT is becoming quite common, and you’ll see this kind of requirement grow over time.” - https://lnkd.in/gmvaJZQE

QryptoCyber 3.0 is live! QryptoCyber’s integrated Post-Quantum Cryptography (PQC) audit tool efficiently performs a thorough cryptographic discovery and inventory. Flexible Deployment Options: Choose between our agent or widely-used internal scanning agents for seamless integration. Automated Cryptography Bill of Materials (CBOM): Gain continuous visibility into cryptographic assets for risk management and PQC readiness. Quantitative Quantum Risk Analysis (QQR): Build a financial and data-driven Quantum Resilience Roadmap to prioritize vulnerabilities. https://lnkd.in/euXjuYyk

The quantum age is quickly approaching. Recently, National Institute of Standards and Technology (NIST) posted NIST IR 8457 detailing timelines and recommendations for the Transition to Post-Quantum Cryptography Standards. The report details the strategic approach to transitioning systems away from the use of vulnerable cryptographic algorithms by 2035, a deadline based on the expectation of a viable quantum technique for breaking current encryption methods. Depreciation starts from 2030 - the clock starts now ⏱ Read our views on our blog (thank you to author Matt Stubbs): https://hubs.li/Q02ZXYyn0 #NIST #cryptography #cybersecurity #quantumage #postquantum