Who rated this post

cancel
Showing results for 
Search instead for 
Did you mean: 
matangi
Employee
Employee

Hi @RS_Daniel 

Diffie-Hellman group 20 with curve P-384 is good enough alternative to Diffie-Hellman group 21.

Currently there are no plans to add Diffie-Hellman group 21 support.

 

According to NSA, Diffie-Hellman group 20 is secured enough:

https://en.wikipedia.org/wiki/Commercial_National_Security_Algorithm_Suite

 

See also the following Q & A from NSA | Quantum Computing and Post-Quantum Cryptography FAQs

 

Q: For RSA and Diffie-Hellman based solutions, the CNSA Suite includes only a minimum size. Can I

use the NIST P-521 curve for ECDH or ECDSA on NSS?

A: Cryptographic libraries implementing RSA and DH have long supported multiple key sizes, and there is a

diverse range of sizes already in use. To save costs, the existing use of larger key sizes is allowed to continue

in CNSA. For elliptic curve cryptography, specific parameters must be programmed, and P-384 was the

common parameter set established in Suite B when this technology was first deployed. To enhance system

interoperability, NSA retained the requirement to use only NIST P-384 in the CNSA definition. NSS operators

who wish to use an algorithm outside of the officially specified CNSA Suite should always consult with NSA.

However, if interoperability is not a concern, P-521 would likely be considered acceptable.

 

Thanks,

Matan

View solution in original post

0 Kudos
(1)
Who rated this post