8

AWS KMS 與 AWS ACM 支援 post-quantum TLS ciphers

 3 years ago
source link: https://blog.gslin.org/archives/2022/03/18/10602/aws-kms-%e8%88%87-aws-acm-%e6%94%af%e6%8f%b4-post-quantum-tls-ciphers/
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
neoserver,ios ssh client

AWS KMS 與 AWS ACM 支援 post-quantum TLS ciphers

AWS 宣佈 AWS KMSAWS ACM 支援 post-quantum TLS ciphers:「AWS KMS and ACM now support the latest hybrid post-quantum TLS ciphers」。

全區支援 Kyber、BIKE 與 SIKE 這三個演算法:

The three PQC key encapsulation mechanisms (KEMs) offered are Kyber, BIKE, and SIKE. Hybrid post-quantum TLS combines a classical key agreement, such as ECDHE, with one of these KEMs. The result is that your TLS connections inherit the security properties of both the classical and post-quantum key exchanges.

Hybrid post-quantum TLS for AWS KMS and ACM is available in all public AWS Regions.

不過這是 NIST Post-Quantum Cryptography Standardization 裡 Round 3 裡面其中幾個演算法而已:

AWS Key Management Service (KMS) and AWS Certificate Manager (ACM) now support hybrid post-quantum key establishment for transport layer security (SSL/TLS) connections using the latest post-quantum ciphers from Round 3 of the NIST Post-Quantum Cryptography (PQC) selection process.

順便補一下隔壁棚 Cloudflare 的研究:「Making protocols post-quantum」。

Related

Google 與 Cloudflare 測試 Post-Quantum 演算法的成果

這幾年量子電腦的進展不斷有突破,雖然到對於攻擊現有的密碼學看起來還有一段時間,但總是得先開始研究對量子電腦有抵抗性的演算法... 其中 Google Chrome 的團隊與 Cloudflare 的團隊手上都有夠大的產品,兩個團隊合作測試的結果在學界與業界都還蠻重視的:「Real-world measurements of structured-lattices and supersingular isogenies in TLS」、「The TLS Post-Quantum Experiment」。 Google Chrome 這邊是使用了 Canary 與 Dev 兩個 channel,有控制組與兩個新的演算法: Google Chrome installs, on Dev and Canary channels, and on all platforms except iOS, were randomly assigned to one of three groups: control (30%),…

November 2, 2019

In "Browser"

AWS 也推出免費的 SSL Certificate 給 ELB 與 CloudFront 用了

AWS 推出免費的 SSL Certificate 服務 AWS Certificate Manager:「New – AWS Certificate Manager – Deploy SSL/TLS-Based Apps on AWS」。 目前宣佈只有在 us-east-1 可以用,不過實際測試會發現包括 CloudFront。 AWS Certificate Manager (ACM) is available now in the US East (Northern Virginia) region, with additional regions in the works. You can provision, deploy, and renew certificates at…

January 22, 2016

In "AWS"

SSL 3.0 爆炸,CVE-2014-3566,POODLE

這次的慘案是由 Google 的人找到 SSL 3.0 的問題:「This POODLE bites: exploiting the SSL 3.0 fallback」。 Google 提供的解法有兩種。一種是關掉 SSL 3.0,另外一種是關掉 SSL 3.0 的 CBC-mode cipher,但兩種解法都還是會痛: Disabling SSL 3.0 support, or CBC-mode ciphers with SSL 3.0, is sufficient to mitigate this issue, but presents significant compatibility problems, even today. 提到相容性問題的原因是 Windows XP + IE6…

October 16, 2014

In "Browser"

a611ee8db44c8d03a20edf0bf5a71d80?s=49&d=identicon&r=gAuthor Gea-Suan LinPosted on March 18, 2022March 18, 2022Categories AWS, Cloud, Computer, Murmuring, Network, Privacy, Security, ServiceTags 3, acm, algorithm, amazon, aws, bike, cipher, cloud, kms, kyber, nist, post, privacy, quantum, round, security, service, sike, ssl, tls

Leave a Reply

Your email address will not be published. Required fields are marked *

Comment *

Name *

Email *

Website

Notify me of follow-up comments by email.

Notify me of new posts by email.

To respond on your own website, enter the URL of your response which should contain a link to this post's permalink URL. Your response will then appear (possibly after moderation) on this page. Want to update or remove your response? Update or delete your post and re-enter your post's URL again. (Learn More)

Post navigation


report

Recommend

About Joyk


Aggregate valuable and interesting links.
Joyk means Joy of geeK