Is the difference in the strength of the cryptographic algorithms the only difference between handling TOP SECRET and SECRET information? Say in NSA Suite B, the following is recommended:
- SECRET: AES128, SHA256, ECHD256 and ECDSA256
- TOP SECRET: AES256, SHA384, ECDH384 and ECDSA384
Asked
Active
Viewed 211 times
0
-
2Short answer: no. There are also restrictions on the keys, who can have access to them, where they can be accessed, etc... – Matthew Feb 13 '17 at 10:30
-
Actually in 2015 Suite B was effectively superseded by the 'pre-post-quantum' approach of CNSA, which is equal to the former 'high' level of Suite B (AES256, SHA384, P-384) plus RSA-3072 for all levels, although Suite B wasn't formally withdrawn until later. See https://en.wikipedia.org/wiki/Commercial_National_Security_Algorithm_Suite – dave_thompson_085 Dec 08 '20 at 03:24
1 Answers
1
No, there are many different requirements for handling information at various levels of classification. What is more, these requirements are going to vary by country, but they include not only the encryption used, but they often need to live in different systems on different networks. Software and hardware products may also be certified for use with information up to a certain level of classification and not beyond. The physical security requirements for an environment increase as the level of classification increases. The screening requirements for personnel who have access increase with the level of classification. These are only a few high-level examples of the differences.
Xander
- 35,525
- 27
- 113
- 141