Welcome to the Acumen Security Blog

Upcoming crypto algorithm transitions: DH and ECDH as we know them might no longer be allowed

Acumen is at the annual FIPS lab managers’ meeting this week and has been involved in some interesting discussions about the direction of the FIPS program. One of the most interesting one and perhaps most materially impactful for our customers is the update to SP 800-131A currently in draft.

As you might recollect, SP 800-131A defined the key strength transitions from 80-bits to 112-bits of security strength. Now that we are beyond that transition deadline, NIST is looking at the next transition and in the process updating SP 800-131A. One of the key transition being proposed is to move away from DH and ECDH as identified in various RFCs to mandating compliance with SP 800-56A, SP 800-56B, and SP 800-56C. The proposed transition date is by end of 2017.

While it might seem this is some ways away, such a change has a potential to be extremely disruptive. While DH, ECDH, and RSA key wrapping (as defined in RFCs) is similar to SP 800-56A and SP 800-56B they are different enough such that a product implementing RFC based option will not be able to establish keys with a module implementing SP 800-56A/B! Moreover it will be quite difficult for a product to support both implementations without changes to the higher order protocols such as TLS, IKE, SSH that utilize these key establishment methods.

 
It is important that product vendors affected by this transition engage NIST immediately and discuss the ramifications as well as potential path forward. Acumen will be happy to facilitate these discussions.