Announcement

Collapse
No announcement yet.

OpenSSH 9.0 Released With Hardening Against Future Quantum Computers

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • OpenSSH 9.0 Released With Hardening Against Future Quantum Computers

    Phoronix: OpenSSH 9.0 Released With Hardening Against Future Quantum Computers

    OpenSSH 9.0 is available today as the latest version of this widely-used, open-source SSH implementation. With OpenSSH 9.0 comes new features as well as changes like scp using the SFTP protocol by default...

    Phoronix, Linux Hardware Reviews, Linux hardware benchmarks, Linux server benchmarks, Linux benchmarking, Desktop Linux, Linux performance, Open Source graphics, Linux How To, Ubuntu benchmarks, Ubuntu hardware, Phoronix Test Suite

  • #2
    I hereby bet my left ball that when quantum computers will be generally available, OpenSSH 9.x will be so obsolete and full of well known vulnerabilities that this particular shrewdness will be useless. Smells of overengineering, but maybe it didn't cost that much to implement it.

    Comment


    • #3
      I tried looking up NTRU and I don't really get what makes it particularly strong against quantum computers.
      I never really realized until now that once quantum computers effectively and reliably reach "quantum supremacy", the world is kinda screwed when it comes to encryption.

      Comment


      • #4
        'client to perver server-side...." ​​​​​​​​​

        Comment


        • #5
          Originally posted by lucrus View Post
          I hereby bet my left ball that when quantum computers will be generally available, OpenSSH 9.x will be so obsolete and full of well known vulnerabilities that this particular shrewdness will be useless. Smells of overengineering, but maybe it didn't cost that much to implement it.
          Doesn't matter, if they're protecting against future decryption of current communications. The software could be long dead and gone but the network captures may live on in an NSA hard drive. At that point you can't go back in time and poke vulnerabilities. All you can do is attack the crypto math itself.

          Comment


          • #6
            Originally posted by schmidtbag View Post
            I tried looking up NTRU and I don't really get what makes it particularly strong against quantum computers.
            I never really realized until now that once quantum computers effectively and reliably reach "quantum supremacy", the world is kinda screwed when it comes to encryption.
            China has a running quantum encrypted network.

            Chinese scientists have established the world's first integrated quantum communication network, combining over 700 optical fibers on the ground with two ground-to-satellite links to achieve quantum key distribution over a total distance of 4,600 kilometers for users across the country. The team, led by Jianwei Pan, Yuao Chen, Chengzhi Peng from the University of Science and Technology of China in Hefei, reported in Nature their latest advances towards the global, practical application of such a network for future communications.

            Comment


            • #7
              Originally posted by schmidtbag View Post
              I tried looking up NTRU and I don't really get what makes it particularly strong against quantum computers.
              I never really realized until now that once quantum computers effectively and reliably reach "quantum supremacy", the world is kinda screwed when it comes to encryption.
              I remember reading somewhere that quantum computers are already being used to crack/decrypt at least older TrueCrypt-encrypted volumes in a reasonable timeframe.

              If anyone has more concrete knowledge, feel free to share (especially if you happen to work for any of the three-digit agencies).

              Comment


              • #8
                Originally posted by lucrus View Post
                I hereby bet my left ball that when quantum computers will be generally available, OpenSSH 9.x will be so obsolete and full of well known vulnerabilities that this particular shrewdness will be useless. Smells of overengineering, but maybe it didn't cost that much to implement it.
                The article specifically said that this change is to prevent people from collecting encrypted messages now and decrypting them in the future.
                Did you even read past the title?

                Comment


                • #9
                  Michael, link previews are broken recently on Yammer, could you please check?

                  Clipboard01.png

                  Comment


                  • #10
                    Originally posted by schmidtbag View Post
                    I tried looking up NTRU and I don't really get what makes it particularly strong against quantum computers.
                    I never really realized until now that once quantum computers effectively and reliably reach "quantum supremacy", the world is kinda screwed when it comes to encryption.
                    Quantum computers mostly threatens asymmetric encryption, which is used in key exchange stage of TLS and ssh to establish a shared secret key and the authentication of the server using TLS certificate.

                    Hashing algorithm like sha256 and sha512 are believed to be safe against quantum computers.

                    For symmetric encryption, it is believed that by doubling the size of the shared secret, we can make it quantum resistent.

                    So the main problem here is the key exchange stage in TLS and ssh, and the TLS certificate that are in question here.
                    Fixing the first problem is relatively easy, just change the implementation, upgrade the algorithms used in it.

                    For the second one, it is going to be much harder due to many parties involved in the TLS certificate chain, maybe it would completely redesigned.

                    Checkout this article from Cloudclare https://blog.cloudflare.com/post-quantum-future/ , it provides a lot of insights into the problem.

                    Comment

                    Working...
                    X