OpenSSH 9.0 upgraded to resist attacks by quantum computers

OpenSSH 9.0 aims to resist attacks enabled by future quantum computers

Widely used connectivity suite has been beefed up to prevent 'capture now, decrypt later' attacks

The developers of the OpenSSH secure networking suite have released an update meant to protect users against cyberattacks powered by future quantum computers.

The latest OpenSSH 9.0 release of the widely used encryption and connectivity package now comes with added capabilities designed to prevent 'capture now, decrypt later' attacks posed by advances in quantum computing technology.

OpenSSH is an open-source version of the Secure Shell (SSH) protocol, which is used to encrypt and protect information sent between clients and servers over the Internet. OpenSSH technology is used in a range of scenarios, such as allowing remote login to servers and secure file sharing.

However, security experts have cautioned that advanced threat actors are collecting and storing encrypted data in preparation for a future in which quantum computers would be able to crack asymmetric encryption schemes.

The security in many traditional cryptography techniques comes from the difficulty of solving mathematical problems that modern computers can't solve in a reasonable amount of time.

While quantum computers are still in an early stage of development, they have the potential to substantially decrease the time and resources required to crack current public key encryption algorithms such as RSA and elliptic curve.

Despite the fact that this potential threat will only manifest itself in the future, the OpenSSH developers said they are making the change now to prevent capture now, decrypt later attacks, in which an adversary who can record and store SSH session ciphertext would be able to decrypt it once a sufficiently advanced quantum computer is available.

The OpenSSH group says it will now use the hybrid Streamlined NTRU Prime + x25519 lattice-based key exchange method by default, a move that includes a backstop against future discoveries of bugs in the NTRU algorithm. NTRU Prime is one of the finalists in the US NIST Post-Quantum Cryptography (PQC) competition designed to find encryption methods that are resistant to quantum computers.
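A default only protects a session if both ends negotiate it: SSH selects the first key exchange method on the client's list that the server also offers. The Python below is an added example, not OpenSSH code, that applies that rule to two lists and reports why a session would fall back to a classical exchange; `sntrup761x25519-sha512@openssh.com` is OpenSSH's name for the hybrid method, while the function names and sample lists are constructed for illustration.

```python
# Added example (not OpenSSH code). Algorithm lists below are constructed samples.
PQ_HYBRID = "sntrup761x25519-sha512@openssh.com"  # hybrid NTRU Prime + x25519 KEX name


def parse_name_list(value):
    """Split a comma-separated SSH name-list, dropping blanks and whitespace."""
    return [name.strip() for name in value.split(",") if name.strip()]


def negotiate_kex(client, server):
    """RFC 4253 sec. 7.1 rule, simplified: the first client algorithm the server
    also lists wins (host-key compatibility conditions are ignored here)."""
    offered = set(server)
    return next((alg for alg in client if alg in offered), None)


def audit(client_value, server_value):
    """Return (negotiated_kex, is_hybrid, reason) for one client/server pair."""
    client, server = parse_name_list(client_value), parse_name_list(server_value)
    chosen = negotiate_kex(client, server)
    if chosen is None:
        return None, False, "no common key exchange algorithm"
    if chosen == PQ_HYBRID:
        return chosen, True, "hybrid key exchange negotiated"
    if PQ_HYBRID not in client:
        reason = "client does not offer the hybrid method"
    elif PQ_HYBRID not in server:
        reason = "server does not offer the hybrid method"
    else:
        reason = "client lists %s ahead of the hybrid method" % chosen
    return chosen, False, reason


# Constructed sample lists, not the exact defaults of any release.
NEW_SIDE = "sntrup761x25519-sha512@openssh.com,curve25519-sha256,ecdh-sha2-nistp256"
OLD_SIDE = "curve25519-sha256,ecdh-sha2-nistp256,diffie-hellman-group14-sha256"
REORDERED = "curve25519-sha256,sntrup761x25519-sha512@openssh.com"

if __name__ == "__main__":
    for label, c, s in [("new client, new server", NEW_SIDE, NEW_SIDE),
                        ("new client, old server", NEW_SIDE, OLD_SIDE),
                        ("reordered client, new server", REORDERED, NEW_SIDE)]:
        print(label, "->", audit(c, s))
```

The effective lists to feed in can be read from the `kexalgorithms` line printed by `ssh -G <host>` on the client and by `sshd -T` on the server.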

"The combination ensures that the hybrid exchange offers at least as good security as the status quo," OpenSSH said.

How soon cryptographically relevant quantum computers will emerge is a matter of debate. A recent prediction from researchers at the University of Sussex is that quantum machines strong enough to defeat Bitcoin's elliptic curve encryption will arrive in the next 10 years.

The NATO Cyber Security Centre completed a test run of its quantum-proof network only a few weeks ago.

The trial, which started in March 2021, was completed in early January 2022.

"Securing NATO's communications for the quantum era is paramount to our ability to operate effectively without fear of interception," principal scientist Konrad Wrona said.

"Quantum computing is becoming more and more affordable, scalable and practical. The threat of 'harvest now, decrypt later' is one all organizations, including NATO, are preparing to respond to."