OpenSSH 9.9 Released (undeadly.org), submitted by zdw 7 months ago
  • throw0101c 7 months ago
    • throw0101c 7 months ago

      Related to the hybrid post-QC crypto stuff, similar moves have been done for Chrome:

      * https://security.googleblog.com/2024/09/a-new-path-for-kyber...

      Draft for adding it to TLS (1.3):

      * https://datatracker.ietf.org/doc/draft-kwiatkowski-tls-ecdhe...

      • dustyharddrive 7 months ago

        Anyone have an informed preference between MLKEM and SNTRUP?

        • tptacek 7 months ago

          For what it's worth: Damien Miller has commented repeatedly here that OpenSSH did NTRU before the NIST competition completed, and they always planned to add the NIST PQ winner.

        • WhyNotHugo 7 months ago

          What’s ML-KEM X25519? I’m familiar with Ed25519, but I’ve never heard of ML-KEM.

          (Also not a cryptographer)

          • tptacek 7 months ago

            ML-KEM is Kyber, the lattice-based winner of the NIST PQ KEM competition (think of a KEM as a public-key encryption and delivery of a key, as opposed to Diffie Hellman, in which both sides agree on a key together). It's a key establishment mechanism that resists quantum attacks.

            • marcus0x62 7 months ago

              For anyone unfamiliar with the acronyms:

              PQ = Post Quantum (cryptography)

              KEM = Key Encapsulation Method

              • telgareith 7 months ago

                Kyber? For some reason I hear that and think "isn't that the PQ with a foundational Assumption(!) that's been proven trivial for binary computers to break?"

                • zinekeller 7 months ago

                  I'm not sure for Kyber, but SIKE/SIDH (another PQ candidate) does have those exact problems (https://eprint.iacr.org/2022/975.pdf)

                  • tptacek 7 months ago

                    Completely unrelated algorithms; it might be hard to come up with two algorithms less related to each other than module lattices LWE and supersingular isogeny graph Diffie Hellman --- even the outcomes of the two algorithmic approaches are different (SIDH was attractive because it gives you a Diffie Hellman, and Kyber gives you a KEM).

                    (I just want to make it clear that this isn't a lingering concern about lattice cryptography, fwiw.)

                  • tptacek 7 months ago

                    No.

                • homebrewer 7 months ago
                  • dangsux 7 months ago

                    [dead]

                • xyst 7 months ago

                  look forward to confusing my sysadmins when I present them with a MLKEM pub key :)

                  Probably will use this on my homelab though.

                  • KAMSPioneer 7 months ago

                    Your sysadmin will indeed be confused, since ML-KEM public keys are not used for authenticating and are generated by the client and server automatically, analogous to Diffie-Hellman.

                    You can confuse them (albeit much less) when OpenSSH adds support for one of the PQ DSAs.

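The two points made above (tptacek: a KEM delivers a key one way by encapsulating to a public key, whereas Diffie-Hellman derives it from both sides' contributions; KAMSPioneer: the ML-KEM key pair is generated fresh by the peers for the exchange and is not an authentication key) can be seen together in a small model of a hybrid exchange. This is an added example, not OpenSSH code and not ML-KEM: the "KEM" is built on a toy, insecure integer group so it runs in plain Python, and the combiner `SHA256(kem_secret || dh_secret)` and the message direction (client sends a KEM public key, server replies with a ciphertext) are assumptions about how a KEM is slotted into an ECDH-style exchange, not details taken from the thread.

```python
"""Toy hybrid key exchange: ephemeral KEM + Diffie-Hellman, combined by hashing.

Added example, not OpenSSH or ML-KEM code. The group parameters below are
constructed and INSECURE; only the shape of the protocol is the point.
"""
import hashlib
import secrets

# Constructed toy parameters (INSECURE): a Mersenne prime and a fixed base.
P = 2**61 - 1
G = 3
SECRET_LEN = 8  # every group element fits in 8 bytes since P < 2**64


def dh_keygen():
    """Ephemeral Diffie-Hellman key pair: (private exponent, public value)."""
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)


def dh_shared(private, peer_public):
    """Both sides contribute: each computes g^(xy) from its own private
    exponent and the peer's public value."""
    return pow(peer_public, private, P).to_bytes(SECRET_LEN, "big")


def kem_keygen():
    """KEM key pair, generated per connection. A lattice KEM would return a
    module-LWE key here; this toy reuses the DH key shape."""
    return dh_keygen()


def kem_encapsulate(recipient_public):
    """Encapsulate: the sender alone picks the key and wraps it to the
    recipient's public key. Returns (ciphertext, shared_secret). The
    recipient contributes nothing to this step, unlike DH."""
    e, ciphertext = dh_keygen()  # ciphertext is the ephemeral public value
    shared_secret = hashlib.sha256(dh_shared(e, recipient_public)).digest()
    return ciphertext, shared_secret


def kem_decapsulate(recipient_private, ciphertext):
    """Decapsulate: recover the same shared secret from the ciphertext."""
    return hashlib.sha256(dh_shared(recipient_private, ciphertext)).digest()


def combine(kem_secret, dh_secret):
    """Assumed hybrid combiner: hash both secrets together, so the session
    key stays secret as long as either component does."""
    return hashlib.sha256(kem_secret + dh_secret).digest()


def hybrid_exchange():
    """One session. Returns (client_key, server_key, client_kem_public).

    The KEM public key is created here and discarded afterwards; nothing
    about it identifies the client, so it is not an authentication key.
    """
    # Client: fresh KEM key pair and fresh DH share for this session only.
    c_kem_priv, c_kem_pub = kem_keygen()
    c_dh_priv, c_dh_pub = dh_keygen()
    # client -> server: (c_kem_pub, c_dh_pub)

    # Server: encapsulates to the client's KEM key and adds its own DH share.
    ciphertext, s_kem_secret = kem_encapsulate(c_kem_pub)
    s_dh_priv, s_dh_pub = dh_keygen()
    server_key = combine(s_kem_secret, dh_shared(s_dh_priv, c_dh_pub))
    # server -> client: (ciphertext, s_dh_pub)

    # Client: decapsulates and finishes the DH side.
    c_kem_secret = kem_decapsulate(c_kem_priv, ciphertext)
    client_key = combine(c_kem_secret, dh_shared(c_dh_priv, s_dh_pub))
    return client_key, server_key, c_kem_pub


if __name__ == "__main__":
    ck, sk, pub = hybrid_exchange()
    print("keys match:", ck == sk)
    print("session KEM public key (fresh each run):", pub)
```

Running it twice shows a different KEM public key each time with matching session keys on both sides; that per-connection freshness is why the key never appears in `authorized_keys` or a host key file.

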
                  • undefined 7 months ago
                    [deleted]