LinuxQuestions.org


mtdew3q 08-26-2021 09:20 PM

gnupgp post quantum keys
 
Hi-

Once they make a standard for one of the algorithms being considered for post quantum cryptography, will we be able to use the same clients like kleopatra, SSH, etc. to use like a lattice key instead of RSA?

I just read on ZDNet that one of the questions surrounding Verizon's quantum VPN was delivering keys (securely) to endpoints. Won't the programs I just mentioned run into the same issue?

thanks,
roboloki

mtdew3q 08-26-2021 10:33 PM

Hi -
I just recalled that, like in SSH, the private key never goes to the other host.

I don't know what the guy at the ZDNet article is talking about. It says VPN on Google is asymmetric.

Quote:

For example, Verizon still relied on standard mechanisms in its trial to deliver quantum-proof keys to the VPN end-points. This might be a sticking point, if it turns out that this phase of the process is not invulnerable to quantum attack.

Why does he/she care if the key is securely transmitted if it is just a public key?

thanks
roboloki

gouttegd 08-27-2021 06:41 AM

Quote:

Once they make a standard for one of the algorithms being considered for post quantum cryptography, will we be able to use the same clients like kleopatra, SSH, etc. to use like a lattice key instead of RSA?
First, post-quantum algorithms have to be standardized by bodies such as the NIST or the IRTF Crypto Forum Research Group. That alone may take a while.

Then, for each application the corresponding IETF standards need to be updated to allow the use of whatever PQC algorithms are available. In the case of OpenPGP for example, the working group is already aware of that, but there’s nothing much they can do for now until the first step has been completed.

Then, it will be up to the developers to actually implement the thing.

Quote:

Quote:

For example, Verizon still relied on standard mechanisms in its trial to deliver quantum-proof keys to the VPN end-points. This might be a sticking point, if it turns out that this phase of the process is not invulnerable to quantum attack.

Why does he/she care if the key is securely transmitted if it is just a public key?

From what I understand, for the purpose of this test they generated all the keys for both sides at a single site, then sent one of the key pairs to the distant site. This is an artificial situation – I am not sure why they did it that way, and the article is poor on details; maybe the distant site somehow lacked the capability of generating the keys? – in normal usage, both sides would generate a key pair independently.

Of course the problem of authenticating the public key of the peer – to be sure that you’re talking to who you think you are talking to – remains. As far as I know, this is nowhere near solved by post-quantum cryptography (which is not the silver bullet that some people sometimes believe it is). Likewise, PQC will also not solve the problem known as "Adi Shamir’s Law", which states that "cryptography is bypassed, not penetrated".
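
The point above about authenticating the peer's public key, as an added example that is not part of the thread or any poster's code: a public key needs no secrecy in transit, but the receiver must check it against a fingerprint obtained out of band, and that check is the same whatever the key algorithm. The function names and both sample keys are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct


def make_pubkey_line(key_type: str, raw_key: bytes, comment: str) -> str:
    """Build an OpenSSH-style public-key line from raw bytes (sample data only)."""
    parts = (key_type.encode(), raw_key)
    blob = b"".join(struct.pack(">I", len(p)) + p for p in parts)
    return f"{key_type} {base64.b64encode(blob).decode()} {comment}"


def fingerprint(pubkey_line: str) -> str:
    """Return the SHA256 fingerprint in the form `ssh-keygen -l` prints."""
    key_type, b64_blob = pubkey_line.split()[:2]
    blob = base64.b64decode(b64_blob, validate=True)
    # The blob starts with a length-prefixed algorithm name; it must match
    # the textual key type, otherwise the line is malformed or altered.
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != key_type.encode():
        raise ValueError("key type does not match key blob")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def peer_key_is_authentic(received_line: str, pinned_fingerprint: str) -> bool:
    """Compare a key received over the network with a pinned fingerprint."""
    try:
        return hmac.compare_digest(fingerprint(received_line), pinned_fingerprint)
    except (ValueError, struct.error):
        return False  # unparsable key material is never trusted


# Constructed sample keys: not real key material.
GENUINE = make_pubkey_line("ssh-ed25519", bytes(range(32)), "server@example")
SUBSTITUTED = make_pubkey_line("ssh-ed25519", bytes(range(1, 33)), "server@example")
# Stands in for a fingerprint obtained out of band (phone, paper, signed record).
PINNED = fingerprint(GENUINE)

if __name__ == "__main__":
    print(PINNED)
    print("genuine key accepted:", peer_key_is_authentic(GENUINE, PINNED))
    print("substituted key accepted:", peer_key_is_authentic(SUBSTITUTED, PINNED))
```

The substituted key travels just as openly as the genuine one; only the comparison with the independently obtained fingerprint tells them apart.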


All times are GMT -5.