Source URL: https://www.theregister.com/2024/12/17/australia_dropping_crypto_keys/
Source: The Register
Title: Australia moves to drop some cryptography by 2030 – before quantum carves it up
Feedly Summary: The likes of SHA-256, RSA, ECDSA and ECDH won’t be welcome in just five years
Australia’s chief cyber security agency has decided local orgs should stop using the tech that forms the current cryptographic foundation of the internet by the year 2030 – years before other nations plan to do so – over fears that advances in quantum computing could render it insecure.…
AI Summary and Description: Yes
Summary: The Australian Signals Directorate (ASD) plans to prohibit the use of certain cryptographic algorithms critical for internet security by 2030 due to concerns over the potential impact of quantum computing. This move positions Australia ahead of other nations, prompting important discussions about the future of cryptography and infrastructure security.
Detailed Description: The ASD’s guidance on High Assurance Cryptographic Equipment (HACE) highlights the urgency of transitioning to post-quantum cryptographic standards in the face of evolving threats posed by quantum computing. This initiative has significant implications for cryptographic practices globally, emphasizing the need for security and compliance professionals to adapt to emerging technological risks.
Key Details:
– **Cryptographic Algorithms Impacted**: The ASD has flagged the following algorithms for prohibition by 2030:
  – SHA-256
  – RSA
  – ECDSA (Elliptic Curve Digital Signature Algorithm)
  – ECDH (Elliptic Curve Diffie-Hellman)
– **Rationale**: The accelerated timeline is attributed to expected advances in quantum computing that may render existing cryptographic measures obsolete. These advances could undermine current encryption methods that rely on the assumption of long-term security.
– **Global Context**:
  – The U.S. National Institute of Standards and Technology (NIST) had previously raised concerns in 2016 about the vulnerability of legacy encryption to quantum attacks, prompting initiatives for quantum-resistant algorithms.
  – NIST has recently approved three post-quantum cryptographic algorithms and set a timeline for the transition away from older standards by 2035.
– **Comparative Observations**:
  – Australia’s proactive stance contrasts with the more gradual approach suggested by NIST and the NSA, both of which have set 2035 as their transition date. Australia aims to ensure that algorithms considered “cryptographically relevant” are not used beyond 2030 for HACE devices.
– **Challenges Ahead**:
  – The migration away from established algorithms like ECDH and RSA/ECDSA poses significant operational challenges, as they are deeply integrated into current web and infrastructure security protocols.
  – Experts, such as Prof. Bill Buchanan, express concerns about the feasibility of this rapid transition and the potential implications for secure web connections.
– **Future Considerations**: The actual capacity for Australian government agencies to comply with this mandate post-2030 remains uncertain, particularly regarding the potential flexibility in upgrading their cryptographic tools beyond the deadline.
This development is vital for security professionals to monitor, as it sets a precedent for future cryptographic practices and highlights the need for organizations to stay ahead of quantum threats in their security strategies. Early adoption of post-quantum cryptography could give adopting organizations a competitive edge while ensuring compliance with upcoming regulatory standards.