I had previously asked What’s after AES? if 3DES get BWAIN’d* out of existence?
Sweet32 is a BWAIN which compromises 3DES. That means that we are down to just AES. So, what happens if we get a BWAIN for AES?
The answer is Camellia and maybe chacha20-poly1305. But, these are quite rare. For example, the AWS ELB doesn’t appear to support either of them.
Should companies start looking to support (one or both of) these two ciphers?
By companies, I mean anyone and everyone. Since it takes a good amount of time to implement a new protocol or cipher on a bunch of systems, if tomorrow there is a problem with AES, then probably 99% of sites are out of luck.
For planning purposes, what sort of contingency is good for what to do about having only AES as the “acceptable” cipher? Management doesn’t like not having a contingency. TLS 1.3 has others in it, but it is still draft, meaning no/little support from major security appliances and load balancers. Even ChaCha and Camellia have little support from the major suppliers, and if they have support, it is likely only on their latest and greatest systems, not the 3-5 year old systems that many/most organizations have.
Does anyone have an actual plan? I haven’t seen PCI, NIST, SANS/CIS or any others come up with something. Does AWS for ELB? I haven’t seen it.
BWAIN = Bug With An Impressive Name
Continue reading What comes next after AES with DES and Seed32 issue? [on hold]→