MQ

 View Only
  • 1.  Stronger encryption?

    IBM Champion
    Posted Wed May 18, 2022 05:11 AM
    I was asked if there was a recommended policy for which ciphers specs etc should be used  for MQ)

    With the recent announcements about quantum computers, it looks like the ciphers based on prime numbers are doomed  (say 5 years ahead). 
    People should be moving off RSA encryption.

    The latest z announcement talks about Lattice encryption (available in ICSF) which does not seem to be in System SSL (GSKIT) or OPENSSL.

    Is the current direction to use Elliptic Curves (EC)? Or is there another technique we should be looking at.
    For example some algorithms can only work on a single core.  Other algorithms can exploit parallel cores.   The latter are faster (in elapsed time)

    Colin

    ------------------------------
    Colin Paice
    ------------------------------


  • 2.  RE: Stronger encryption?

    Posted Thu May 19, 2022 07:43 PM
    Edited by Glenn Baddeley Thu May 19, 2022 07:49 PM
    Hi Colin,
    It appears that RSA 2048 has a lot of "comfort" life left in it, at least until 2030. RSA 4096 is in common use, and is many orders of magnitude more difficult to break than 2048.

    https://csrc.nist.gov/publications/detail/sp/800-131a/rev-2/final and https://danielpocock.com/rsa-key-sizes-2048-or-4096-bits/ make interesting reading.

    Of course the house of cards collapses if a practical algorithm is found to factor very large integers in a reasonable time.

    Cheers
    ------------------------------
    Glenn Baddeley
    Senior Middleware Software Engineer
    Coles Supermarkets Australia Pty Ltd
    ------------------------------



  • 3.  RE: Stronger encryption?
    Best Answer

    Posted Tue August 23, 2022 02:01 PM
    I would say a good recommendation is getting to TLS 1.3. That only supports the following 5 CipherSuites:

    TLS_AES_128_GCM_SHA256
    TLS_AES_256_GCM_SHA384
    TLS_CHACHA20_POLY1305_SHA256
    TLS_AES_128_CCM_SHA256
    TLS_AES_128_CCM_8_SHA256

    Static RSA has been removed from TLS 1.3, but that was more to do with forward secrecy, as I understand. CBC was also removed, which is one of the single core algorithms you mentioned. These CipherSuites use AEAD, which modularizes how TLS software providers have to interact with the CipherSuites and helps remove security vulnerabilities that are due to mistaken implementation of the CipherSuites.

    As far as the impact of quantum computing on TLS, I have no idea there. Personally, I am following the recommendations of the IETF and what they recommend for TLS usage. One of the things they would probably first say is for IBM MQ to stop documenting CipherSuites as CipherSpecs. :-)

    ------------------------------
    Tim Zielke
    ------------------------------



  • 4.  RE: Stronger encryption?

    Posted Fri April 21, 2023 01:57 PM
    Edited by Tim Zielke Fri April 21, 2023 02:03 PM

    I just read about Quantum Computing in the book "Serious Cryptography: A Practical Introduction to Modern Encryption" by Jean-Philippe Aumasson. Very interesting stuff. According to the author, a functional Quantum Computer would make both RSA and Elliptic Curve cryptography unsecure. But does anyone currently have a truly functional Quantum Computer (i.e. one that can keep qubits stable for a long duration and not just at the sub-second duration)?

    Looking at TLS 1.3, I can see how the design might have been to prepare for the future possibility of a truly functional Quantum Computer. It removes static RSA, and switches to ephemeral Diffie-Hellman for the shared pre-secret key exchange. The author said there is ways to use DH to combat against a Quantum Computer. 

    Anyway, probably best to switch to TLS 1.3 or at least be using TLS 1.2 CipherSuites that are equivalent to TLS 1.3 CipherSuites.



    ------------------------------
    Tim Zielke
    ------------------------------