On Monday, April 10, 2023 4:01:45 PM EDT Daniel Alley wrote:
>> and in 1-2 years, SHA256
>
> I've not seen any speculation much less evidence about sha256 being
> insecure. Is this a post-quantum-crypto thing?

Yes. There is a set of requirements called CNSA 1.0 that is being driven
into all the security standards. They are selecting algorithms and key sizes
that likely will stand up longer to efforts to crack them via quantum
computers. Everything as of last fall needs to have at least 256-bit
strength. So, sha384 is the current standard. RSA 3072 and greater are
allowed as is ECDH P-512, and AES-256.

Then in 2025, this all starts again with CNSA 2.0 where there's a transition
period to quantum-resistant algorithms. The target is everything transitioned
by 2030.
-Steve