I'm currently writing some documentation for a work project, and part of my job has involved doing a (somewhat over my head) deep dive into the security properties of various cryptography-related algorithms in OpenSSH and which ones are likely to be superior to others in various scenarios.

In the process of doing this, I noted that it seems OpenSSH supports post-quantum-secure algorithms for symmetric encryption, key exchange, and message authentication codes, but notably lacks a post-quantum-secure signature algorithm for host key and public key authentication. As I understand it (keep in mind I am not a cryptographer by any means), this means that an attacker with a sufficiently powerful quantum computer could, in the future, MITM SSH connections or spoof trusted client devices.

Are there any plans to integrate a post-quantum-secure signature algorithm in OpenSSH, such as SLH-DSA (SPHINCS+)?

(Unrelated, the "About openssh-unix-dev" page [1] claims that the list is open for non-subscribers, but my first attempt at sending this was rejected with "Posting by non-members to openssh-unix-dev@xxxxxxxxxxx is currently disabled, sorry." It might be useful to correct the page so people know to subscribe first.)

[1] https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

-- 
Aaron
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
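The split the message above describes (post-quantum hybrid key exchange available, signature algorithms all classical) can be checked on a given OpenSSH build with `ssh -Q kex` and `ssh -Q sig`. The script below is an added example for this page; it is not part of the original message and not OpenSSH's own code. It assumes the two hybrid KEM method names OpenSSH has shipped (sntrup761x25519-sha512@openssh.com since 8.5, mlkem768x25519-sha256 since 9.9) and that the installed ssh accepts `-Q sig`; which names actually appear depends on the installed version. The sample algorithm lists embedded in it are constructed so the functions can be exercised without an ssh binary. The `ssh-mldsa65-hypothetical` name used in the usage note is a made-up placeholder, not a real OpenSSH algorithm.

```shell
#!/bin/sh
# Added example, not from the original post or from OpenSSH.
# Reports the post-quantum hybrid key-exchange methods an OpenSSH build
# offers, emits a fail-closed KexAlgorithms line restricted to them, and
# lists any signature algorithm that is NOT in a classical (RSA, DSA,
# ECDSA, Ed25519) family. On current releases the last list is empty,
# which is the gap the message above is asking about.

# Hybrid KEM method names OpenSSH has shipped (assumption: 8.5+ / 9.9+).
PQ_KEX="sntrup761x25519-sha512@openssh.com mlkem768x25519-sha256"

# Constructed sample lists in the one-name-per-line format of `ssh -Q`.
SAMPLE_KEX='curve25519-sha256
curve25519-sha256@libssh.org
ecdh-sha2-nistp256
diffie-hellman-group14-sha256
sntrup761x25519-sha512@openssh.com
mlkem768x25519-sha256'

SAMPLE_SIG='ssh-ed25519
sk-ssh-ed25519@openssh.com
ssh-rsa
rsa-sha2-256
rsa-sha2-512
ecdsa-sha2-nistp256
sk-ecdsa-sha2-nistp256@openssh.com
webauthn-sk-ecdsa-sha2-nistp256@openssh.com'

# pq_kex_from_list: stdin is `ssh -Q kex` output; prints the PQ hybrids.
pq_kex_from_list() {
    while IFS= read -r name; do
        for pq in $PQ_KEX; do
            if [ "$name" = "$pq" ]; then
                printf '%s\n' "$name"
            fi
        done
    done
}

# kex_config_line: stdin as above; prints a KexAlgorithms line containing
# only the PQ hybrids found, so a client using it fails closed against a
# server that has no PQ key exchange. Returns 1 (prints nothing) if none.
kex_config_line() {
    list=""
    for k in $(pq_kex_from_list); do
        list="${list:+$list,}$k"
    done
    [ -n "$list" ] || return 1
    printf 'KexAlgorithms %s\n' "$list"
}

# sig_is_classical: 0 if the signature name belongs to a quantum-breakable
# family (RSA, DSA, ECDSA, Ed25519, including FIDO/sk variants), else 1.
sig_is_classical() {
    case "$1" in
        ssh-rsa*|rsa-sha2-*|ssh-dss*|ecdsa-sha2-*|ssh-ed25519*|\
        sk-ecdsa-sha2-*|sk-ssh-ed25519*|webauthn-sk-*) return 0 ;;
        *) return 1 ;;
    esac
}

# non_classical_sigs: stdin is `ssh -Q sig` output; prints every name that
# is not in a classical family (i.e. a candidate PQ signature scheme).
non_classical_sigs() {
    while IFS= read -r name; do
        sig_is_classical "$name" || printf '%s\n' "$name"
    done
}

# check_installed_ssh: run the real queries against the local client.
check_installed_ssh() {
    command -v ssh >/dev/null 2>&1 || { echo "ssh not found" >&2; return 2; }
    echo "# PQ key exchange offered by this build:"
    ssh -Q kex | kex_config_line || echo "# none (OpenSSH older than 8.5?)"
    echo "# signature algorithms outside the classical families:"
    ssh -Q sig 2>/dev/null | non_classical_sigs
}

# Run the live check only when invoked as: sh pqcheck.sh --check
if [ "${1:-}" = "--check" ]; then
    check_installed_ssh
fi
```

Run with `sh pqcheck.sh --check` to query the local client; feed the functions from stdin to test them offline, e.g. `printf '%s\n' "$SAMPLE_KEX" | kex_config_line` prints `KexAlgorithms sntrup761x25519-sha512@openssh.com,mlkem768x25519-sha256`, while `printf '%s\n' "$SAMPLE_SIG" | non_classical_sigs` prints nothing because every listed signature algorithm is classical (only an unknown name such as the made-up `ssh-mldsa65-hypothetical` would be reported). Putting the emitted KexAlgorithms line in ssh_config gives a fail-closed check for PQ key exchange; there is no equivalent knob for PQ host-key or user-key signatures because no such algorithm is offered.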