Tag Archives: NIST

NIST Reconsiders Support for Suspect Algorithm

April 24, 2014 by Tim Moses     No Comments

The reputation of the U.S. National Institute of Standards and Technology (NIST) took a massive hit last year when it was suggested in revelations made by Edward Snowden that one of its standard procedures for generating random bit sequences had been subverted by the Nation Security Agency (NSA). If the suggestions were correct, then the [Read More...]

Filed Under: Encryption Tagged With: NIST, NSA

Why We Need to Move to SHA-2

January 6, 2014 by Bruce Morton     1 Comment

Previously, we advised that the SSL industry must move to the SHA-2 hashing algorithm for certificate signatures. We thought it would be helpful to provide the reasoning behind the position. In the context of SSL, the purpose of a hashing algorithm is to reduce a message (e.g., a certificate) to a reasonable size for use [Read More...]

Dual-EC DRBG Concerns Hit Media Again

December 23, 2013 by Tim Moses     1 Comment

NIST’s withdrawn special publication 800-90A is back in the news. This time, it’s due to an allegation carried by Reuters that RSA Data Security was paid by the NSA to make the dual-EC (elliptic curve) variant the default deterministic random-bit generator algorithm, or DRBG, in its commercial toolkit product. RSA has denied the allegation. Random-bit generation [Read More...]

Filed Under: General Tagged With: NIST, RSA

Moving to 2048-bit Keys

July 22, 2013 by Bruce Morton     2 Comments

In the last few months, I have been reading blog posts (e.g., Google and Evernote) about certificate subscribers changing their keys from 1024-bit to 2048-bit RSA. I suppose congratulations may be in order. But, on the other hand, what’s been the delay? I’ve post a couple of blogs about key size policy back in 2010 [Read More...]

Filed Under: SSL, SSL Deployment Tagged With: CAB Forum, NIST, SSL


October 9, 2012 by Bruce Morton     No Comments

On October 2, 2012, the National Institute of Standards and Technology (NIST) announced that the winner of the new SHA-3 hash function competition was Keccak. The plan is SHA-3 will eventually replace SHA-1 and the SHA-2 hash families. To support digital certificates, the hashing function is used by the certification authority (CA) to put its [Read More...]

Filed Under: Secure Browsing, SSL, Technical Tagged With: Keccak, MD5, MD5MD5