OpenSSH 9.9 Released

101 points, posted a year ago
by zdw

16 Comments

dustyharddrive

a year ago

Anyone have an informed preference between MLKEM and SNTRUP?

tptacek

a year ago

For what it's worth: Damien Miller has commented repeatedly here that OpenSSH did NTRU before the NIST competition completed, and they always planned to add the NIST PQ winner.

WhyNotHugo

a year ago

What’s ML-KEM X25519? I’m familiar with Ed25519, but I’ve never heard of ML-KEM.

(Also not a cryptographer)

tptacek

a year ago

ML-KEM is Kyber, the lattice-based winner of the NIST PQ KEM competition (think of a KEM as a public-key encryption and delivery of a key, as opposed to Diffie Hellman, in which both sides agree on a key together). It's a key establishment mechanism that resists quantum attacks.

marcus0x62

a year ago

For anyone unfamiliar with the acronyms:

PQ = Post Quantum (cryptography)

KEM = Key Encapsulation Method

telgareith

a year ago

Kyber? For some reason I hear that and think "isn't that the PQ with a foundational Assumption(!) that's been proven trivial for binary computers to break?"

zinekeller

a year ago

I'm not sure for Kyber, but SIKE/SIDH (another PQ candidate) does have those exact problems (https://eprint.iacr.org/2022/975.pdf)

tptacek

a year ago

Completely unrelated algorithms; it might be hard to come up with two algorithms less related to each other than module lattices LWE and supersingular isogeny graph Diffie Hellman --- even the outcomes of the two algorithmic approaches are different (SIDH was attractive because it gives you a Diffie Hellman, and Kyber gives you a KEM).

(I just want to make it clear that this isn't a lingering concern about lattice cryptography, fwiw.)

xyst

a year ago

Look forward to confusing my sysadmins when I present them with an MLKEM pub key :)

Probably will use this on my homelab though.

KAMSPioneer

a year ago

Your sysadmin will indeed be confused, since ML-KEM public keys are not used for authenticating and are generated by the client and server automatically, analogous to Diffie-Hellman.

You can confuse them (albeit much less) when OpenSSH adds support for one of the PQ DSAs.
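
An added example, not part of the thread and not OpenSSH's own code: since ML-KEM is negotiated as a key-exchange algorithm rather than configured as a user key, one way to see whether a session would use it is to compare the `kexalgorithms` lines of `ssh -G` and `sshd -T` output. The dumps are constructed samples, the function names are hypothetical, and negotiation is simplified to the RFC 4253 first-match rule.

```python
from __future__ import annotations

# Hybrid KEX names in OpenSSH that pair a post-quantum KEM with X25519.
PQ_HYBRID_KEX = {
    "mlkem768x25519-sha256",
    "sntrup761x25519-sha512",
    "sntrup761x25519-sha512@openssh.com",
}

# Constructed samples of `ssh -G <host>` and `sshd -T` output (not real hosts).
CLIENT = """hostname example.test
hostkeyalgorithms ssh-ed25519,rsa-sha2-512
kexalgorithms mlkem768x25519-sha256,sntrup761x25519-sha512@openssh.com,curve25519-sha256
"""
NEW_SERVER = """port 22
kexalgorithms sntrup761x25519-sha512@openssh.com,mlkem768x25519-sha256,curve25519-sha256
"""
OLD_SERVER = """port 22
kexalgorithms curve25519-sha256,ecdh-sha2-nistp256,diffie-hellman-group14-sha256
"""


def kex_list(dump: str) -> list[str]:
    """Ordered KexAlgorithms list from an effective-config dump."""
    for line in dump.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].lower() == "kexalgorithms":
            return [a.strip() for a in parts[1].split(",") if a.strip()]
    return []


def negotiate(client: list[str], server: list[str]) -> str | None:
    """Simplified RFC 4253 rule: first client algorithm the server also lists."""
    offered = set(server)
    return next((alg for alg in client if alg in offered), None)


def audit(client_dump: str, server_dump: str) -> dict:
    """Report which KEX would be chosen and whether it is a PQ hybrid."""
    client, server = kex_list(client_dump), kex_list(server_dump)
    chosen = negotiate(client, server)
    return {
        "chosen": chosen,
        "post_quantum": chosen in PQ_HYBRID_KEX,
        # PQ hybrids one side lists but the other does not offer.
        "pq_unmatched": sorted(PQ_HYBRID_KEX & (set(client) ^ set(server))),
    }


if __name__ == "__main__":
    for name, server in (("new", NEW_SERVER), ("old", OLD_SERVER)):
        print(name, audit(CLIENT, server))
```

Against the older server sample the session silently falls back to `curve25519-sha256`, which is why the effective lists on both ends need checking rather than only the client version.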
