Tag Archives: NIST

Why We Need to Move to SHA-2

January 6, 2014 by Bruce Morton     1 Comment

Previously, we advised that the SSL industry must move to the SHA-2 hashing algorithm for certificate signatures. We thought it would be helpful to provide the reasoning behind the position. In the context of SSL, the purpose of a hashing algorithm is to reduce a message (e.g., a certificate) to a reasonable size for use [Read More...]

Dual-EC DRBG Concerns Hit Media Again

December 23, 2013 by Tim Moses     1 Comment

NIST’s withdrawn special publication 800-90A is back in the news. This time, it’s due to an allegation carried by Reuters that RSA Data Security was paid by the NSA to make the dual-EC (elliptic curve) variant the default deterministic random-bit generator algorithm, or DRBG, in its commercial toolkit product. RSA has denied the allegation. Random-bit generation [Read More...]

Filed Under: General Tagged With: NIST, RSA

Moving to 2048-bit Keys

July 22, 2013 by Bruce Morton     2 Comments

In the last few months, I have been reading blog posts (e.g., Google and Evernote) about certificate subscribers changing their keys from 1024-bit to 2048-bit RSA. I suppose congratulations may be in order. But, on the other hand, what’s been the delay? I’ve posted a couple of blogs about key size policy back in 2010 [Read More...]

Filed Under: SSL, SSL Deployment Tagged With: CAB Forum, NIST, SSL

SHA-3

October 9, 2012 by Bruce Morton     No Comments

On October 2, 2012, the National Institute of Standards and Technology (NIST) announced that the winner of the new SHA-3 hash function competition was Keccak. The plan is that SHA-3 will eventually replace the SHA-1 and SHA-2 hash families. To support digital certificates, the hashing function is used by the certification authority (CA) to put its [Read More...]

Filed Under: Secure Browsing, SSL, Technical Tagged With: Keccak, MD5