This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Page revision history

Version Date Modified Size Author Changes ... Change note

Page References

Incoming links Outgoing links
NSA Suite B Cryptography
NSA Suite B Cryptography

Version management

Difference between version and

At line 1 added 55 lines
!!! Overview
[{$pagename}] ([Suite B]) is a__ [Deprecated] __[National Security Agency] ([NSA]) recommended a set of interoperable [cryptographic] [algorithms] is replaced by [Commercial National Security Algorithm Suite] ([CNSA])
%%warning
[RFC 8423] titled: Reclassification of Suite B Documents to [Historic] Status
%%
[{$pagename}] standard specifies a mode of operation in which only a specific set of secure [cryptographic] [algorithms] are used.
[{$pagename}] [Cryptographic Algorithms] are specified by the [National Institute of Standards and Technology] ([NIST]) and are used by [NSA]'s Information Assurance Directorate in solutions approved for protecting classified and unclassified [National Security] Systems (NSS).
[{$pagename}]:
* [encryption] [algorithm] ([AES])
* [key-Exchange] [algorithm] ([Elliptic Curve] [Diffie-Hellman], also known as [ECDH])
* [digital Signature] [algorithm] ([Elliptic Curve Digital Signature Algorithm] ([ECDSA])
* [hash]ing [algorithms] ([SHA-256] or [SHA-384])
!! Additional [{$pagename}] items
* [NIST.SP.800-56A] - Recommendation for Pair-Wise [Key-Establishment] Schemes Using Discrete Logarithm [Cryptography]
* [IETF] has:
* [RFC 5759], Suite B Certificate and Certificate Revocation List (CRL) Profile
* [RFC 6239], Suite B Cryptographic Suites for Secure Shell (SSH)
* [RFC 6379], Suite B Cryptographic Suites for IPsec
* [RFC 6460], Suite B Profile for Transport Layer Security (TLS)
* [{$pagename}] compliant profile for use with [TLS 1.2]. When configured for Suite B compliant operation, only the restricted set of cryptographic algorithms listed above will be used.
* A transitional profile for use with [TLS 1.0] or [TLS 1.1]. This profile enables interoperability with non-[{$pagename}] compliant servers. When configured for [{$pagename}] transitional operation, additional encryption and hashing algorithms
may be used.
[{$pagename}] standard is conceptually similar to [FIPS 140]-2, because it restricts the set of enabled [cryptographic] algorithms in order to provide an [Level Of Assurance].
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [NSA_Suite_B_Cryptography|Wikipedia:NSA_Suite_B_Cryptography|target='_blank'] - based on information obtained 2018-10-03-
* [#2] - [Commercial National Security Algorithm Suite|https://apps.nsa.gov/iaarchive/programs/iad-initiatives/cnsa-suite.cfm|target='_blank'] - based on information obtained 2019-10-30
This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthorTop