
OpenSSH 9.0 released

OpenSSH 9.0 released

Posted Apr 9, 2022 16:45 UTC (Sat) by ballombe (subscriber, #9523)
In reply to: OpenSSH 9.0 released by tamiko
Parent article: OpenSSH 9.0 released

Yes. The paranoid in me cannot help but wonder whether the NIST post-quantum crypto contest is not a sneaky attempt by the NSA to divert people from safe EC crypto to something less studied where they are more likely to have an edge.


OpenSSH 9.0 released

Posted Apr 9, 2022 17:49 UTC (Sat) by JoeBuck (subscriber, #2330) [Link] (2 responses)

The NSA does not own all of the world's cryptographers and will be unlikely to succeed again at inserting a back door into a standard, since they got caught (see https://en.wikipedia.org/wiki/Dual_EC_DRBG ). Experts will be looking harder next time, and there was enough troubling analysis at that time that almost everyone rejected that algorithm.

But we could reverse your argument: suppose that NSA has secret advanced technology to use quantum computing to break current cryptography, not quite ready yet but close. How to protect that? We wouldn't want people to switch away from algorithms that they are close to breaking. Maybe by spreading paranoia about the post-quantum crypto contest?

OpenSSH 9.0 released

Posted Apr 11, 2022 12:13 UTC (Mon) by ballombe (subscriber, #9523) [Link] (1 response)

Sorry, but the NIST competition is a major force toward the use of post-quantum crypto.

OpenSSH 9.0 released

Posted Apr 11, 2022 14:26 UTC (Mon) by Paf (subscriber, #91811) [Link]

Yes, that’s exactly the point being made. It is a force for that and so spreading uncertainty about it helps an agency that doesn’t want that transition to occur. Not saying you’re doing that but the point is the logic can go in either direction. (Which doesn’t mean it’s wrong, I think it just means we don’t know.)

OpenSSH 9.0 released

Posted Apr 9, 2022 19:42 UTC (Sat) by cypherpunks2 (guest, #152408) [Link]

We already know for a fact that ECC is broken. All that's stopping it from being broken in practice is quantum error correction and coherence times. And I would hope that we would use a hybrid key exchange in TLS and all major protocols for a long time but not because of a backdoor so much as possible weaknesses in relatively new algorithms.


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds