NIST & SP 800-131A

The National Institute of Standards and Technology (NIST) recommendations for the use of stronger cryptographic keys and more robust algorithms as defined in SP 800-131A.

We offer extensive help transitioning your crypto estate to the stronger NIST recommendations. Specific guidance on the NIST definition of terms: what is acceptable, what is deprecated, what is disallowed and what is legacy –use.
We can help you identify and understand which algorithms are affected and which key size is appropriate during and after the transition phase.

Random number generators (RNGs) which are used for the generation of keys, nonce and authentication challenges are also under review by NIST. FIPS 186-2 was the reference for RNGs. Now things have changed with the introduction of SP 800-90 and the term “random bit generator” (RBG) is more fashionable. Either way, we are helping companies work through the changes and can offer our experience where it really matters.

Transitioning keys from 1024 bits to larger key sizes as stipulated by NIST can be a major challenge for many organizations. A great deal of testing may be required within some crypto estates. This is equally important when upgrading SHA-1 for digital signature verification to SHA-224, SHA-256, SHA-384 or SHA-512.

The implications are wide, and the potential to impact production systems which depend on non-compliant PKI infrastructures is very real. Rebuilding, transitioning or re-keying existing PKI infrastructures is an area that we are very experienced in and our invaluable experience is available to companies that require it.

Understanding the risks of using deprecated hash functions and inadequate key sizes beyond 2013, is something companies cannot ignore. Your PKI infrastructure can be re- built or transitioned so that it is compliant with the new NIST recommendations by our experienced consultants.