First penguin advantage in cryptography

In a blog post referenced by The Register, Scottish academic Bill Buchanan from Napier University in Edinburgh has expressed surprise at the decision of the Australian Signals Directorate (ASD) to 'forward plan' for the deprecation of existing SHA-256, RSA, ECDSA, and ECDH key usage by 2030.

Bill's post and The Register write-up are entertaining reads, but the questions posed by this decision echo those discussed by Geoff Huston in his recent APNIC Blog post and PING podcast : What is the real risk-consequence issue here, looking ahead to the future? What is happening in technology that has prompted the ASD to take such a decisive step now, declaring that these algorithms must no longer be used by 2030?

It's an intriguing question. Within the APNIC region, it will also be interesting to observe how other major digital economies, mindful of their own strategic interests, respond to this move.

It is worth noting that this is primarily a statement from a government security and strategic communications agency regarding government communications and secrets. While it may not reflect the level of concern the average person should have about their day-to-day transactions, it does raise an important question: How valuable does your lifetime savings need to be before the risk of compromised cryptographic keys protecting them on the web becomes a serious concern?

Like the saying referenced in the title, sometimes, it takes just one penguin leaping off the iceberg to prompt the entire colony to follow. It will be interesting to see which other Asia Pacific economies and industry sectors take note - and act.

The views expressed by the authors of this blog are their own and do not necessarily reflect the views of APNIC. Please note a Code of Conduct applies to this blog.