OpenSSH 9.0 released

Posted Apr 9, 2022 17:49 UTC (Sat) by JoeBuck (subscriber, #2330)
In reply to: OpenSSH 9.0 released by ballombe
Parent article: OpenSSH 9.0 released

The NSA does not own all of the world's cryptographers and will be unlikely to succeed again at inserting a back door into a standard, since they got caught (see https://en.wikipedia.org/wiki/Dual_EC_DRBG ). Experts will be looking harder next time, and there was enough troubling analysis at that time that almost everyone rejected that algorithm.

But we could reverse your argument: suppose that NSA has secret advanced technology to use quantum computing to break current cryptography, not quite ready yet but close. How to protect that? We wouldn't want people to switch away from algorithms that they are close to breaking. Maybe by spreading paranoia about the post-quantum crypto contest?

OpenSSH 9.0 released

Posted Apr 11, 2022 12:13 UTC (Mon) by ballombe (subscriber, #9523) [Link] (1 responses)

Sorry but the the NIST competition is a major force toward the use of post-quantum crypto.

OpenSSH 9.0 released

Posted Apr 11, 2022 14:26 UTC (Mon) by Paf (subscriber, #91811) [Link]

Yes, that’s exactly the point being made. It is a force for that and so spreading uncertainty about it helps an agency that doesn’t want that transition to occur. Not saying you’re doing that but the point is the logic can go in either direction. (Which doesn’t mean it’s wrong, I think it just means we don’t know.)