We are working on the knowledge base now so stay tuned!
Update: I just found out that Cisco has fully funded, through a gift grant, the Cryptographic Knowledge Base that will be managed and overseen by Johns Hopkins University and specifically Seth Nielson and Matthew Green. I am honored to be working with the best of the best in the Crypto Community in the design and implementation of this Cryptographic Knowledge Base that will be a reference site for the Cybersecurity Community. I am super excited that my idea is becoming a reality. Most importantly, it wouldn’t be what it is going to be, which is a go-to cryptographic knowledge base and community, without collaboration from a lot of amazing people at JHU and Cisco. This site will aid the entire industry to quickly and easily know what algorithms and key sizes should be used and avoided, along with compliance and threat information, in an easy-to-understand format.
Perhaps unsurprisingly, there is often a disconnect between cryptography researchers and industry practitioners in terms of practical cryptography use. In some cases, algorithms found to be vulnerable in academic circles are still used for years elsewhere. Moreover, the need for cryptography has become ubiquitous, and yet many software developers and system administrators are not fully briefed on its appropriate deployment.
While systems like CVE include cryptographic vulnerabilities, none of them provide comprehensive information such as trade-offs, alternatives, or an explanation of how a vulnerability might be exploited in practice. And to our knowledge, there is no system that provides up-to-date guidance on the correct use and deployment of acceptable algorithms. These systems disclose specialized information that is primarily useful to specialists and advanced practitioners. They do not achieve, nor is it their primary goal to achieve, knowledge transfer.
We propose to address these problems by creating a central repository of practical cryptographic knowledge designed to enable researchers to communicate their findings to industry, and to enable cryptography consumers to find reliable, up-to-date, and practical guidance in deploying their applications, systems, and installations. This repository, embodied in a publicized web presence, will educate system administrators and software developers about cryptographic algorithms that should no longer be used, how to correctly configure cryptographic parameters, concrete trade-off considerations, and so forth.
We envision a system that is supported by the technology community and that receives input from academic and industrial sources. The Johns Hopkins University Information Security Institute would provide editorial management and technical guidance.
In short, we propose to create an authoritative repository of practical cryptographic knowledge that enables the correct use of up-to-date cryptography throughout the worldwide IT community.
Cryptographic information will be presented in an easy-to-understand and straightforward manner, categorized as “recommended”, “acceptable”, “avoid”, or “future”, while more detailed information would identify recommended key sizes and other parameters.