NSA and IETF, part 3: Dodging the issues at hand

Source

Hacker News

TL;DR

AI Generated

The article discusses the ongoing issues between the NSA and IETF regarding the standardization of cryptography. The focus is on the debate over whether to adopt a non-hybrid document proposed by the NSA, which adds post-quantum (PQ) cryptography as an option alongside existing standards. The article highlights the lack of consensus within the IETF regarding this adoption, with disagreements over the complexity, risks, and future implications of pure PQ algorithms. The author challenges the claims of consensus made by IETF chairs and area directors, pointing out discrepancies in the voting results and procedural handling of objections. The article raises concerns about the transparency, decision-making process, and potential biases within the IETF regarding cryptographic standards.

Similar Articles

Linux exploit instantly grants administrator access on most distributions since 2017 — cryptography optimization snafu grants root privileges to local users

A recent Linux exploit, CVE-2026-31431, allows local unprivileged users to gain root access instantly on most Linux distributions since 2017. The exploit affects popular distros like Ubuntu, RHEL, SUSE, and Amazon Linux, as well as Windows' WSL2. The vulnerability, discovered by Xint Code researchers, involves a cryptography optimization flaw that grants administrator privileges through a devious attack on the AF_ALG socket. While a patch has been released, some distributions may still be vulnerable, requiring mitigation methods like disabling AF_ALG sockets. The exploit occurs in memory without leaving detectable traces on disk, making it challenging to detect with security software.

Tom's Hardware

In a first, a ransomware family is confirmed to be quantum-safe

A new ransomware family named Kyber claims to be quantum-safe by using ML-KEM encryption, a post-quantum cryptography standard. This encryption method is designed to be resistant to attacks by quantum computers, unlike traditional methods like Elliptic Curve and RSA. Security firm Rapid7 confirmed that Kyber uses the highest strength version of ML-KEM to encrypt victims' data with AES-256, making it the first known case of ransomware utilizing post-quantum cryptography. This development highlights the evolving tactics of cybercriminals to enhance the security of their malicious activities.

Ars Technica

Contrary to popular superstition, AES 128 is just fine in a post-quantum world

AES 128 encryption is deemed secure in a post-quantum world, despite concerns raised by some about its vulnerability to quantum computing. The widely used AES 128 variant of the Advanced Encryption Standard has stood the test of time with no known vulnerabilities in its 30-year history. While amateur cryptographers have theorized about potential weaknesses using Grover's algorithm, the reality is that breaking AES 128 would still require an unfeasible amount of time and resources, making it a reliable choice for encryption. The key lies in the complexity of brute-force attacks and the inability of quantum computers to parallelize the workload effectively.

Ars Technica

Recent advances push Big Tech closer to the Q-Day danger zone

Sophisticated malware known as Flame exploited a vulnerability in Microsoft's update distribution system back in 2010, highlighting the dangers of cryptographic weaknesses like MD5. The attack, which involved forging digital certificates, serves as a cautionary tale for the tech industry. As cryptography engineers work to replace vulnerable algorithms like MD5, organizations are implementing new solutions to mitigate the risks posed by quantum computing advancements.

Ars Technica
