|
|
Log in / Subscribe / Register

Hybrid should be required

Hybrid should be required

Posted Dec 10, 2025 1:16 UTC (Wed) by brunowolff (guest, #71160)
In reply to: Hybrid should be required by hailfinger
Parent article: Disagreements over post-quantum encryption for TLS

There are actually use cases for RSA and ECC only. They require enough less resources than PQ algorithms that it might matter. For systems with secrets that expire quickly, PQ protection may not be important, since as far as we know there aren't currently any PQ machines that can break currently used key sizes for RSA and ECC. The converse isn't true, as there is very litte extra relative cost to adding RSA or ECC to a PQ algorithm and there is significant safety added by doing so.

to post comments

Hybrid should be required

Posted Dec 10, 2025 11:52 UTC (Wed) by hkario (subscriber, #94864) [Link]

ML-KEM-768 is actually faster than X25519, ECDH with P-256, not to mention FFDH 2048...


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds