[Cryptography] RSA Crypto is officially insecure due to NIST

Hanno Böck hanno at hboeck.de
Sun Apr 2 07:14:05 EDT 2017


On Sun, 2 Apr 2017 10:00:02 +0200
"Tom A. via cryptography" <cryptography at metzdowd.com> wrote:

> #RSA Crypto is insecure:
> http://csrc.nist.gov/publications/drafts/nistir-8105/nistir_8105_draft.pdf
> 
> Why is #Signal #XMPP #Omemo using it?

They're not; Signal and OMEMO use ECC-based crypto.

Yet the issue you're referring to seems to be threats from quantum
computers. ECC and RSA are equally affected.

The transition to post-quantum cryptography is a topic of very active
research, yet the community hasn't reached a conclusion on which
algorithms are practical and trustworthy.

> GoldBug.sf.net seems to be the only Messenger & Email Client using
> NTRU or McEliece in an open source implementation, both are
> considered as quantum resistant.

GoldBug looks like a snake-oil messenger.

NTRU has been patented, and only very recently has its patent holder
announced that it intends to make it freely available. This has
hindered any adoption in the past.

McEliece is only secure in variants that have keys in the megabyte size
range. This is impractical for most use cases.

Alternative encryption schemes being investigated are based on ring
learning with errors. NewHope and NewHope-Simple [1] are recent
variants. Another field of post-quantum research is supersingular
isogenies.

I agree that messengers should start investigating post-quantum crypto,
but the field is very much in flux, and early adopters should be
prepared to overthrow whatever they've been implementing. For now,
implementing hybrid schemes is a good option.

If you read the NIST document you linked, you'll notice that NIST
is only in the phase of starting a standardization effort for pqcrypto.
Unfortunately we don't have "standard options" for post-quantum
encryption schemes yet that we can easily adopt.

[1] https://cryptojedi.org/papers/newhopesimple-20161217.pdf
-- 
Hanno Böck
https://hboeck.de/

mail/jabber: hanno at hboeck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
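The "hybrid schemes" the post recommends combine a classical key exchange (such as ECDH) with a post-quantum KEM so that the session key stays secret as long as at least one of the two holds up. The following is an added illustration of the key-combiner step only, written for this page and not taken from the post, Signal, OMEMO or any of the projects named above. It implements HKDF (RFC 5869) over HMAC-SHA256 from the standard library and feeds it two shared secrets; the shared secrets themselves are constructed byte strings standing in for the outputs of a real ECDH exchange and a real PQ KEM, since neither is run here. The function names (`combine_hybrid`, `demo`) and the `b"hybrid-session-key"` label are assumptions of this example.

```python
import hashlib
import hmac

HASH = hashlib.sha256


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869): PRK = HMAC-Hash(salt, IKM)."""
    if not salt:
        salt = bytes(HASH().digest_size)  # RFC default: a string of zeros
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869): T(i) = HMAC-Hash(PRK, T(i-1) | info | i)."""
    okm = b""
    block = b""
    counter = 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def combine_hybrid(ss_classical: bytes, ss_pq: bytes,
                   transcript: bytes, length: int = 32) -> bytes:
    """Hybrid combiner: both shared secrets are concatenated into the
    HKDF input keying material and bound to the handshake transcript.

    An attacker who recovers only one of the two secrets (a quantum
    computer breaking ECDH, or a cryptanalytic break of the PQ scheme)
    cannot reproduce the session key, because the other secret is still
    part of the PRF input."""
    ikm = ss_classical + ss_pq
    # Hash of the transcript as salt binds the key to this exchange.
    prk = hkdf_extract(HASH(transcript).digest(), ikm)
    return hkdf_expand(prk, b"hybrid-session-key", length)


def demo() -> dict:
    """Constructed values standing in for real ECDH / PQ-KEM outputs."""
    ss_ecdh = bytes.fromhex("11" * 32)       # constructed, not a real ECDH secret
    ss_pq = bytes.fromhex("22" * 32)         # constructed, not a real KEM secret
    transcript = b"constructed handshake transcript: client_hello|server_hello"

    session_key = combine_hybrid(ss_ecdh, ss_pq, transcript)
    # The peer holds the same two secrets and derives the same key.
    peer_session_key = combine_hybrid(ss_ecdh, ss_pq, transcript)

    # Scenario 1: ECDH is broken (quantum adversary); the PQ secret is unknown
    # to the attacker, so the best they can do is guess it.
    attacker_pq_guess = bytes(32)
    classical_broken_key = combine_hybrid(ss_ecdh, attacker_pq_guess, transcript)

    # Scenario 2: the PQ scheme turns out to be broken; ECDH still holds.
    attacker_ecdh_guess = bytes(32)
    pq_broken_key = combine_hybrid(attacker_ecdh_guess, ss_pq, transcript)

    return {
        "session_key": session_key,
        "peer_session_key": peer_session_key,
        "classical_broken_key": classical_broken_key,
        "pq_broken_key": pq_broken_key,
    }


if __name__ == "__main__":
    for name, key in demo().items():
        print(f"{name:22s} {key.hex()}")
```

The design point is that the combiner is a PRF over the concatenation of both secrets, so the result is at least as strong as the stronger of the two inputs; this is also why the post's advice to be "prepared to overthrow" an early PQ choice costs little in a hybrid, since swapping the PQ component changes only one input to the same combiner.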

