Post-quantum cryptography has arrived by default with the release of OpenSSH 9 and the adoption of the hybrid Streamlined NTRU Prime + X25519 key exchange method.
“The NTRU algorithm is believed to be resilient to attacks enabled by future quantum computers and is coupled with the X25519 ECDH key exchange (the previous standard) as a backstop against any weaknesses in NTRU Prime that could be exposed in the future. The combination ensures that the hybrid exchange offers at least as good security as the status quo,” the release notes said.
“We are making this change now (i.e. before cryptographically relevant quantum computers) to prevent ‘capture now, decrypt later’ attacks, where an adversary who can record and store SSH session ciphertext could later decrypt it if a sufficiently advanced quantum computer is available.”
As work on quantum computers continues to progress, protection against future attacks has similarly increased. Thanks to the massive parallelism expected from workable quantum computers, it is believed that traditional cryptography will be trivial to crack once such a machine is built.
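Whether a recorded session is exposed to "capture now, decrypt later" depends on which key exchange a given client and server actually negotiate. The following is an added example, not code from the article or the OpenSSH project: it applies the RFC 4253 selection rule to `KexAlgorithms` lists in the format printed by `sshd -T` and `ssh -G`. The sample lists are constructed, and `sntrup761x25519-sha512@openssh.com` is the method name OpenSSH uses for the hybrid exchange.

```python
# Added example: audit which key exchange an SSH client/server pair negotiates.
# OpenSSH's name for the hybrid Streamlined NTRU Prime + X25519 method.
# Extend the set if your builds offer other hybrid methods.
PQ_HYBRID_KEX = {"sntrup761x25519-sha512@openssh.com"}
# Markers that can appear in a KEXINIT name-list but are not kex methods.
PSEUDO_KEX = {"ext-info-c", "ext-info-s",
              "kex-strict-c-v00@openssh.com", "kex-strict-s-v00@openssh.com"}

def parse_kex_line(text):
    """Return the ordered kex list from `sshd -T` / `ssh -G` style output."""
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].lower() == "kexalgorithms":
            return [a.strip() for a in parts[1].split(",") if a.strip()]
    return []

def negotiate(client, server):
    """RFC 4253 section 7.1: first client preference the server also offers."""
    offered = set(server) - PSEUDO_KEX
    for alg in client:
        if alg not in PSEUDO_KEX and alg in offered:
            return alg
    return None

def audit(client, server):
    """Classify the pair by the method it would negotiate."""
    chosen = negotiate(client, server)
    if chosen is None:
        return ("no-common-kex", None)
    if chosen in PQ_HYBRID_KEX:
        return ("pq-hybrid", chosen)
    if PQ_HYBRID_KEX & set(client) & set(server):
        # Both ends support the hybrid method, but client ordering demotes it.
        return ("classical-by-preference", chosen)
    return ("classical-only", chosen)

# Constructed sample inputs (not captured from real hosts).
SSHD_T_NEW = ("port 22\nkexalgorithms sntrup761x25519-sha512@openssh.com,"
              "curve25519-sha256,curve25519-sha256@libssh.org\n")
SSHD_T_OLD = "kexalgorithms curve25519-sha256,ecdh-sha2-nistp256\n"
CLIENT_DEFAULT = ["sntrup761x25519-sha512@openssh.com", "curve25519-sha256",
                  "ecdh-sha2-nistp256", "ext-info-c"]
CLIENT_REORDERED = ["curve25519-sha256", "sntrup761x25519-sha512@openssh.com"]

if __name__ == "__main__":
    for name, srv in (("new", SSHD_T_NEW), ("old", SSHD_T_OLD)):
        for cname, cli in (("default", CLIENT_DEFAULT), ("reordered", CLIENT_REORDERED)):
            print(name, cname, audit(cli, parse_kex_line(srv)))
```

A result other than `pq-hybrid` means the session key rests on classical key exchange alone, which is the case the release notes' change is meant to remove.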
Last month, the NATO Cyber Security Center did a test run of its quantum-resistant network.
“Securing NATO communications for the quantum age is paramount to our ability to operate effectively without fear of interception,” said lead scientist Konrad Wrona at the time.
The trial began in March 2021 and was completed in early 2022. “Quantum computing is becoming more affordable, scalable and practical. The threat of ‘harvest now, decode later’ is one that all organizations, including NATO, are preparing to respond to.”
Elsewhere in the OpenSSH release, which was mainly focused on bug fixing, the scp command has moved from the standard legacy protocol to using SFTP. The switch brings several incompatibilities, such as not supporting wildcards in remote filenames or expanding a ~user path, although the latter is supported by an extension.