OpenSSH Now Protects Against Quantum Computer Attacks By Default

The change guards against attacks that capture ciphertext now and decrypt it later.
SIA Team
April 11, 2022

With the release of OpenSSH 9, the hybrid Streamlined NTRU Prime + X25519 key exchange method is used by default, making post-quantum cryptography the default for SSH sessions.

As work on quantum computers progresses, so does the need to defend against future attacks. Traditional encryption is projected to be straightforward to crack once a functional quantum computer is created.

“The NTRU algorithm is believed to resist assaults enabled by future quantum computers and is combined with the X25519 ECDH key exchange (the previous default) as a backstop against any weaknesses in NTRU Prime that may be revealed in the future,” according to the release notes.

“We’re introducing this modification now (before cryptographically relevant quantum computers become accessible) to prevent ‘capture now, decrypt later’ attacks, in which an adversary who can record and retain SSH session ciphertext can decrypt it once a sufficiently sophisticated quantum computer becomes available.”
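To check whether a given client or server actually prefers the hybrid method, the key exchange list can be inspected. The following is an added example, not taken from the release notes or the OpenSSH project: the function names and sample data are constructed here, and `sntrup761x25519-sha512@openssh.com` is the name OpenSSH uses for this key exchange.

```shell
#!/bin/sh
# Added example: audit OpenSSH key exchange (KEX) preferences.
# Live use:  ssh -G host.example | classify_kex     (client-side config)
#            sshd -T | classify_kex                 (server-side, as root)
#            ssh -v host.example true 2>&1 | negotiated_kex

HYBRID_KEX='sntrup761x25519-sha512@openssh.com'

# Reads an `ssh -G` / `sshd -T` dump on stdin and prints:
#   preferred  hybrid KEX is first in the list
#   offered    hybrid KEX is listed, but a classical method is tried first
#   absent     hybrid KEX is not listed (no post-quantum protection)
#   unknown    no kexalgorithms line found in the input
classify_kex() {
    list=$(awk 'tolower($1) == "kexalgorithms" { print $2; exit }')
    [ -n "$list" ] || { echo unknown; return; }
    case "$list" in
        "$HYBRID_KEX"|"$HYBRID_KEX",*)       echo preferred ;;
        *,"$HYBRID_KEX"|*,"$HYBRID_KEX",*)   echo offered ;;
        *)                                   echo absent ;;
    esac
}

# Extracts the algorithm that was really negotiated from `ssh -v` output.
# The configured list only shows intent; the peer may not support it.
negotiated_kex() {
    sed -n 's/^debug1: kex: algorithm: //p' | head -n 1
}

# Constructed sample inputs (not captured from a real host).
SAMPLE_NEW='hostname host.example
kexalgorithms sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org
port 22'
SAMPLE_OLD='kexalgorithms curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256'
SAMPLE_DEBUG='debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: sntrup761x25519-sha512@openssh.com
debug1: kex: host key algorithm: ssh-ed25519'

printf 'new client config: %s\n' "$(printf '%s\n' "$SAMPLE_NEW" | classify_kex)"
printf 'old client config: %s\n' "$(printf '%s\n' "$SAMPLE_OLD" | classify_kex)"
printf 'negotiated:        %s\n' "$(printf '%s\n' "$SAMPLE_DEBUG" | negotiated_kex)"
```

A result of `offered` or `absent` on either side means sessions may still fall back to a classical-only key exchange, so recorded traffic would not have the protection described above.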

The NATO Cyber Security Center tested its quantum-proof network last month.

At the time, chief scientist Konrad Wrona commented, “Securing NATO’s communications for the quantum era is vital to our capacity to operate efficiently without fear of interception.”

“The trial began in March 2021 and ended in early 2022. Quantum computing is becoming increasingly economical, scalable, and practical, and all organizations, including NATO, are ready to respond to the threat of ‘harvest now, decrypt later.’”

The scp command now uses the SFTP protocol by default instead of the legacy SCP protocol. The switch introduces some incompatibilities, such as not supporting wildcards in remote filenames or expanding a user path, although the latter is supported through an extension.