Reply to post: Re: Is there a database somewhere keeping track of these 'deprecations' ?

Hash snag: Security shamans shame SHA-1 standard, confirm crucial collisions citing circa $45k chip cost

An nonymous Cowerd

Re: Is there a database somewhere keeping track of these 'deprecations' ?

There are of course slightly differing interpretations of secure/insecure (elliptic curves etc) and much subtlety, even just pre-QC.

I think a main international standard list is transmitted by ESI ALGO from the Electronic Signatures and Infrastructures (ESI) group at the European Telecommunication Standards Institute (ETSI)

perhaps their documents are publicly available somewhere?

I seem to have found 2019 here

https://portal.etsi.org/webapp/WorkProgram/Report_WorkItem.asp?wki_id=56765

excellent work by Ernst & the team (of which I was a brief member)

"ETSI TS 119 312 V1.3.1 (2019-02)" and it is very readable, but more nuanced than an API

a sort of flowchart "keylen" chart exists here, that might be scriptable https://www.keylength.com/en/1/ (also available in french)

but none of these factor in the most important vuln which is simply the available budget of your 'opponent', as some groups are allegedly approaching infinite budget, then plan accordingly..

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER

Biting the hand that feeds IT © 1998–2020