Open in app

Sign in

Write

Sign in

Shock News: SHA-256, ECDH, ECDSA and RSA Not Approved by ASD in Australia for 2030

Prof Bill Buchanan OBE FRSE
3 min readDec 16, 2024

I am a bit shocked … SHA-256, RSA, ECDSA and ECDH will not be approved for use in Australia by 2030. Basically, these four methods are used for virtually every Web connection that we create, and where ECDH is used for the key exchange, ECDSA or RSA is used to authenticate the remote server, and SHA-256 is used for the integrity of the data sent. The removal of SHA-256 definitely goes against current recommendations.

From what I know at the current time, AES-256 and SHA-256 are safe from the risk of cracking from quantum computers. The guidance comes from the Australian Signals Directorate (ASD) and which exists within the Australian Government’s technical authority on cyber security: [here]:

The minimum levels of security are split into five main security levels.

  • 112 bits for non-classified data
  • 112 bits for OFFICIAL: Sensitive data.
  • 112 bits for PROTECTED data.
  • 128 bits for SECRET data.
  • 192 bits for TOP SECRET data.

--

--

Prof Bill Buchanan OBE FRSE
Prof Bill Buchanan OBE FRSE

Written by Prof Bill Buchanan OBE FRSE

34K Followers
39 Following

Professor of Cryptography. Serial innovator. Believer in fairness, justice & freedom. Based in Edinburgh. Old World Breaker. New World Creator. Building trust.

Responses (13)

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams