NIST has chosen HQC as a backup algorithm for post-quantum encryption, providing an additional layer of defense alongside ML-KEM. HQC uses different mathematical principles and is expected to be finalized in 2027.
The article discusses the current state of post-quantum cryptography as of February 2025, highlighting developments in quantum computer capabilities, error correction, and the industry's focus on hybrid key exchanges in TLS 1.3. It reviews NIST's standardized post-quantum algorithms and their implementation in browsers and libraries. The article also addresses the challenges of supporting multiple hybrid key exchanges and the slow adoption of necessary standards.
The latest draft version of NIST's password guidelines simplifies password management best practices and removes recommendations for using complex passwords and mandatory periodic resets.
The National Institute of Standards and Technology (NIST) proposes eliminating some common but ineffective password requirements like periodic changes and restrictions on character types to improve overall security hygiene.
"The latest NIST guidelines now state that:
Verifiers and CSPs SHALL NOT impose other composition rules (e.g., requiring mixtures of different character types) for passwords and Verifiers and CSPs SHALL NOT require users to change passwords periodically. However, verifiers SHALL force a change if there is evidence of compromise of the authenticator."
