Filling the Gaps in FIPS Cryptography (G22c)
With the publication of FIPS 186-5, NIST has taken an important step to further align the algorithms available in FIPS 140-3 with real-world adoption. Still, there are some areas where FIPS is currently limited to cryptographic primitives that are commonly considered inferior or outdated. Firstly, we will look at nonce-misuse-resistant cryptography, the motivation behind it, and how it is implemented. As an example, we will investigate the design and adoption of the two most common nonce-misuse-resistant authenticated encryption schemes: AES-SIV and AES-GCM-SIV. Secondly, we will look at modern password-based key derivation functions. We will explain why PBKDF2, as currently standardized in SP 800-132, does not provide sufficient protection against contemporary threats. We will show why algorithms such as Argon2 and scrypt are now preferred and widely used in industry.
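As an added illustration of the nonce-misuse-resistant design the abstract refers to (example code written for this page, not the speakers' or NIST's), the toy SIV construction below uses Python's standard-library HMAC and a SHA-256 counter keystream as a stand-in for AES: reusing a nonce in a conventional counter mode leaks the XOR of the two plaintexts, whereas deriving the IV from the message itself only reveals whether the same message was encrypted twice. All keys, nonces and messages are constructed sample values.

```python
import hashlib
import hmac


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def keystream(key: bytes, iv: bytes, n: int) -> bytes:
    # Counter-mode keystream built from SHA-256; a toy stand-in for AES-CTR.
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + iv + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]


def ctr_encrypt(key: bytes, nonce: bytes, pt: bytes) -> bytes:
    # Conventional nonce-based mode: the keystream depends only on (key, nonce).
    return xor(pt, keystream(key, nonce, len(pt)))


def nonce_reuse_leaks(key: bytes, nonce: bytes, p1: bytes, p2: bytes) -> bool:
    # With the nonce reused the keystream cancels out: C1 xor C2 == P1 xor P2.
    c1, c2 = ctr_encrypt(key, nonce, p1), ctr_encrypt(key, nonce, p2)
    return xor(c1, c2) == xor(p1, p2)


def _siv(mac_key: bytes, nonce: bytes, ad: bytes, pt: bytes) -> bytes:
    # Synthetic IV: a MAC over nonce, associated data and plaintext, with
    # length prefixes so the encoding of the three fields is unambiguous.
    msg = len(nonce).to_bytes(2, "big") + nonce + len(ad).to_bytes(4, "big") + ad + pt
    return hmac.new(mac_key, msg, hashlib.sha256).digest()[:16]


def siv_encrypt(mac_key: bytes, enc_key: bytes, nonce: bytes, ad: bytes, pt: bytes) -> bytes:
    # The IV driving the keystream depends on the plaintext, so a repeated nonce
    # repeats the keystream only when the entire message repeats.
    iv = _siv(mac_key, nonce, ad, pt)
    return iv + xor(pt, keystream(enc_key, iv, len(pt)))


def siv_decrypt(mac_key: bytes, enc_key: bytes, nonce: bytes, ad: bytes, ct: bytes) -> bytes:
    iv, body = ct[:16], ct[16:]
    pt = xor(body, keystream(enc_key, iv, len(body)))
    # SIV must decrypt before it can verify; the plaintext is released only
    # after the recomputed IV matches the transmitted one.
    if not hmac.compare_digest(iv, _siv(mac_key, nonce, ad, pt)):
        raise ValueError("authentication failed")
    return pt
```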