From 7fabc562f941c420c84f858abbd6820ddbcb3783 Mon Sep 17 00:00:00 2001 From: Paul Miller Date: Wed, 18 Dec 2024 16:12:09 +0000 Subject: [PATCH] readme --- README.md | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 67d6532..75cee43 100644 --- a/README.md +++ b/README.md @@ -15,6 +15,7 @@ Take a glance at [GitHub Discussions](https://github.com/paulmillr/noble-post-qu > [!IMPORTANT] > NIST published [IR 8547](https://nvlpubs.nist.gov/nistpubs/ir/2024/NIST.IR.8547.ipd.pdf), > prohibiting classical cryptography (RSA, DSA, ECDSA, ECDH) after 2035. +> Australian ASD does same thing [after 2030](https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/ism/cyber-security-guidelines/guidelines-cryptography). > Take it into an account while designing a new cryptographic system. ### This library belongs to _noble_ cryptography 
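Review bot: the added line "> Australian ASD does same thing [after 2030](...)" is ungrammatical and vague about which "thing" it refers to; the preceding line describes NIST disallowing RSA, DSA, ECDSA and ECDH after 2035, so spell the ASD position out, e.g. "> The Australian ASD [disallows the same algorithms after 2030](...)." The link goes to the whole ISM cryptography guidelines page rather than the specific control, so a reader has to hunt for the 2030 date; naming the section or control would help. Since the callout is being edited anyway, the unchanged context line "Take it into an account" should read "Take it into account".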
@@ -162,13 +163,14 @@ We implement spec v3.1 with FIPS adjustments. Some wasm libraries use older spec We suggest to use ECC + ML-KEM for key agreement, ECC + SLH-DSA for signatures. -ML-KEM and ML-DSA are lattice-based. SLH-DSA is hash-based, which means it is built on top of older, more conservative primitives. As for security levels, use at least cat-3: +ML-KEM and ML-DSA are lattice-based. SLH-DSA is hash-based, which means it is built on top of older, more conservative primitives. NIST guidance for security levels: - Category 3 (~AES-192): ML-KEM-768, ML-DSA-65, SLH-DSA-[SHA2/shake]-192[s/f] -- Category 5 (~AES-256): ML-DSA-1024, ML-DSA-87, SLH-DSA-[SHA2/shake]-256[s/f] +- Category 5 (~AES-256): ML-KEM-1024, ML-DSA-87, SLH-DSA-[SHA2/shake]-256[s/f] -Symmetrical algorithms like AES and ChaCha (available in [noble-ciphers](https://github.com/paulmillr/noble-ciphers)) -suffer less from quantum computers. For AES in pq setting, ensure AES-256 is used. +NIST recommends to use cat-3+, while australian [ASD only allows cat-5 after 2030](https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/ism/cyber-security-guidelines/guidelines-cryptography). + +For [hashes](https://github.com/paulmillr/noble-hashes), use SHA512 or SHA3-512 (not SHA256); and for [ciphers](https://github.com/paulmillr/noble-ciphers) ensure AES-256 or ChaCha. ## Security
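Review bot: the new sentence "NIST recommends to use cat-3+, while australian ASD only allows cat-5 after 2030" needs "recommends using" and "Australian", and unlike the ASD half it gives no source for the NIST half; the removed "use at least cat-3" was the maintainers' own advice, so either cite where NIST recommends category 3 as a floor or keep it phrased as the library's recommendation. The replacement of the AES/ChaCha paragraph by "For hashes, use SHA512 or SHA3-512 (not SHA256); and for ciphers ensure AES-256 or ChaCha" drops the only rationale the old text had (symmetric algorithms suffer less from quantum computers) and adds an unsourced "(not SHA256)"; either link the ASD control behind it (the ASD page is already linked two lines above) or give the reason, e.g. that SHA-256's ~128-bit collision resistance sits below the ~AES-256 category-5 target listed just above, and name the cipher as ChaCha20 (256-bit key) so the key-size point made for AES-256 carries over. The ML-DSA-1024 to ML-KEM-1024 correction in the category-5 line is right.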