Date Published: October 21, 2024
NIST provides cryptographic key management guidance for defining and implementing appropriate key-management procedures, using algorithms that adequately protect sensitive information, and planning for possible changes in the use of cryptography because of algorithm breaks or the availability of more powerful computing techniques. This publication provides guidance on transitioning to the use of stronger cryptographic keys and more robust algorithms.
This revision proposes a) the retirement of ECB as a confidentiality mode of operation and the use of DSA for digital signature generation and b) a schedule for the retirement of SHA-1 and the 224-bit hash functions. This draft also discusses the transition from a security strength of 112 bits to a 128-bit security strength and to quantum-resistant algorithms for digital signatures and key establishment.
NOTE: A call for patent claims is included on page iii of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy – Inclusion of Patents in ITL Publications.
NIST provides cryptographic key management guidance for defining and implementing appropriate key-management procedures, using algorithms that adequately protect sensitive information, and planning for possible changes in the use of cryptography because of algorithm breaks or the availability of more powerful computing techniques. This publication provides guidance for transitions to the use of stronger cryptographic keys and more robust algorithms.
cryptographic algorithm; digital signature; elliptic curves; encryption; entropy; extendable output functions; hash function; key agreement; key-derivation functions; key encapsulation; key transport; key wrapping; message authentication codes; quantum-resistant algorithms; random bit generation; security strength; transition
None selected
Publication:
Supplemental Material:
Document History: