throw0101c
4 hours ago
A more 'direct' link to the release notes:
OpenSSH 9.9 Released
60 pointsposted 6 hours ago
by zdw9 Comments
xyst
16 minutes ago
look forward to confusing my sysadmins when I present them with a MLKEM pub key :)
Probably will use this on my homelab though.
dustyharddrive
5 hours ago
Anyone have an informed preference between MLKEM and SNTRUP?
tptacek
4 hours ago
For what it's worth: Damien Miller has commented repeatedly here that OpenSSH did NTRU before the NIST competition completed, and they always planned to add the NIST PQ winner.
throw0101c
4 hours ago
Related to the hybrid post-QC crypto stuff, similar moves have been done for Chrome:
* https://security.googleblog.com/2024/09/a-new-path-for-kyber...
Draft for adding it to TLS (1.3):
* https://datatracker.ietf.org/doc/draft-kwiatkowski-tls-ecdhe...
WhyNotHugo
6 hours ago
What’s ML-KEM X25519? I’m familiar with Ed25519, but I’ve never heard of ML-KEM.
(Also not a cryptographer)
homebrewer
5 hours ago
tptacek
6 hours ago
ML-KEM is Kyber, the lattice-based winner of the NIST PQ KEM competition (think of a KEM as a public-key encryption and delivery of a key, as opposed to Diffie Hellman, in which both sides agree on a key together). It's a key establishment mechanism that resists quantum attacks.
marcus0x62
5 hours ago
For anyone unfamiliar with the acronyms:
PQ = Post Quantum (cryptography)
KEM = Key Encapsulation Method