Post-Quantum Cryptography Advice Added to OpenSSH Website

Accepted submission by canopic jug at 2025-08-11 13:03:27 from the what-does-a-quantum-duck-say? dept.
Security

Damien Miller (djm@) just published a Post-Quantum Cryptography FAQ page [openssh.com] to the OpenSSH web site. It describes OpenSSH's use of and approach to post-quantum cryptography. A big goal is to minimize the risk from hostiles saving SSH traffic now in order to crack the encryption later as new technology allows.

Fortunately, quantum computers of sufficient power to break cryptography have not been invented yet. Estimates for when a cryptographically-relevant quantum computer will arrive, based on the rate of progress in the field, range from 5-20 years, with many observers expecting them to arrive in the mid-2030s.

The entire privacy of an SSH connection depends on cryptographic key agreement. If an attacker can break the key agreement then they are able to decrypt and view the entire session. The attacker need not perform this attack in real time; they may collect encrypted SSH sessions now and then decrypt them later once they have access to a quantum computer. This is referred to as a "store now, decrypt later" attack (also as "harvest now, decrypt later").

OpenSSH supports post-quantum cryptography to protect user traffic against this attack.

(Via OpenBSD's journal, Undeadly [undeadly.org])
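
A defender-side check for the "store now, decrypt later" exposure described above, as an added example that is not part of the submission or of OpenSSH's FAQ. It assumes effective-configuration text in the form printed by `ssh -G <host>` or `sshd -T`; the algorithm names are OpenSSH's hybrid post-quantum key exchanges and do not appear on this page, and the sample dumps are constructed.

```python
# Added example: audit OpenSSH key-exchange settings for harvest-now, decrypt-later exposure.
# Input is "keyword value" text as printed by `ssh -G <host>` or `sshd -T`.

# OpenSSH's hybrid post-quantum key exchange names (these do not appear on this page).
PQ_KEX = {
    "mlkem768x25519-sha256",
    "sntrup761x25519-sha512",
    "sntrup761x25519-sha512@openssh.com",
}

def effective_kex(config_text):
    """Return the ordered KexAlgorithms list from an effective-config dump."""
    for line in config_text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and parts[0].lower() == "kexalgorithms":
            return [a.strip() for a in parts[1].split(",") if a.strip()]
    return []

def audit_kex(config_text):
    """Classify one side's configuration by what it is willing to negotiate."""
    kex = effective_kex(config_text)
    pq = [a for a in kex if a in PQ_KEX]
    classical = [a for a in kex if a not in PQ_KEX]
    if not kex:
        verdict = "unknown"            # no kexalgorithms line found
    elif not pq:
        verdict = "exposed"            # no post-quantum key agreement can be negotiated
    elif not classical:
        verdict = "pq-only"            # refuses peers without post-quantum support
    elif kex[0] in PQ_KEX:
        verdict = "pq-preferred"       # classical fallback is still possible
    else:
        verdict = "pq-not-preferred"   # on a client, a classical algorithm is tried first
    return {"verdict": verdict, "pq": pq, "classical": classical}

def negotiate(client_text, server_text):
    """SSH picks the first algorithm in the client's list that the server also lists."""
    server = set(effective_kex(server_text))
    for alg in effective_kex(client_text):
        if alg in server:
            return alg, alg in PQ_KEX
    return None, False

# Constructed sample dumps, not captured from real hosts.
CLIENT = "hostname example.org\nport 22\nkexalgorithms mlkem768x25519-sha256,sntrup761x25519-sha512,curve25519-sha256\n"
NEW_SERVER = "kexalgorithms sntrup761x25519-sha512,curve25519-sha256\n"
OLD_SERVER = "kexalgorithms curve25519-sha256,diffie-hellman-group14-sha256\n"
```

A "pq-preferred" client still falls back to a classical key agreement against a server that offers none of the hybrid algorithms, so the negotiated result per peer is what shows whether a recorded session stays protected.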

Previously:
(2025) New OpenSSH Flaws Enable Man-in-the-Middle and DoS Attacks [soylentnews.org]
(2024) Timeline to Remove DSA Support from OpenSSH [soylentnews.org]
(2021) scp Will Be Replaced With sftp Soon [soylentnews.org]
(2020) SHA-1 to be Disabled in OpenSSH and libssh [soylentnews.org]
(2016) Upgrade Your SSH Keys [soylentnews.org]
(2015) OpenSSH 6.8 Will Feature Key Discovery and Rotation for Easier Switching to DJB's Ed25519 [soylentnews.org]
(2014) OpenSSH No Longer has to Depend on OpenSSL [soylentnews.org]

