OpenSSH is now quantum secure, apparently

OpenSSH maintainers have released an update designed to protect against cyberattacks powered by advanced quantum computers.

With the release of OpenSSH 9.0, the secure networking utility suite will benefit from a "hybrid" key exchange system, in which a quantum-secure algorithm is combined with a traditional algorithm for encryption purposes.

As long as both the endpoint and the server are running the latest version, an attacker would have to break both algorithms at once to read data passing over an OpenSSH connection.
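One way to check which sessions actually negotiated the hybrid exchange, as an added example that is not from the article or the OpenSSH project: it parses the debug lines the OpenSSH client prints with `ssh -v`. The host names and log excerpts are constructed, and `sntrup761x25519-sha512@openssh.com` is the name of the hybrid method that OpenSSH 9.0 made the default, which the article does not spell out.

```python
import re

# KEX names treated as hybrid post-quantum. This is the method OpenSSH 9.0
# made the default; extend the set if your fleet uses other hybrid methods.
HYBRID_KEX = frozenset({"sntrup761x25519-sha512@openssh.com"})

# Lines the OpenSSH client prints at -v. Matching "kex: algorithm:" at line
# start avoids the separate "kex: host key algorithm:" line.
KEX_RE = re.compile(r"^debug1: kex: algorithm: (\S+)", re.MULTILINE)
VER_RE = re.compile(
    r"^debug1: Remote protocol version \S+, remote software version (.+)$",
    re.MULTILINE,
)

def classify(log, hybrid=HYBRID_KEX):
    """Return server banner, negotiated KEX and a status for one session log."""
    kex = KEX_RE.search(log)
    ver = VER_RE.search(log)
    name = kex.group(1) if kex else None
    if name is None:
        status = "unknown"          # handshake never reached KEX negotiation
    elif name in hybrid:
        status = "hybrid"
    else:
        status = "classical-only"   # recordable now, decryptable later
    return {"server": ver.group(1).strip() if ver else None,
            "kex": name, "status": status}

def not_hybrid(logs):
    """Hosts whose session did not use a hybrid KEX, sorted for stable reports."""
    return sorted(h for h, log in logs.items()
                  if classify(log)["status"] != "hybrid")

# Constructed sample logs (not captured from real hosts).
SAMPLE_LOGS = {
    "new.example.internal": (
        "debug1: Remote protocol version 2.0, remote software version OpenSSH_9.0\n"
        "debug1: kex: algorithm: sntrup761x25519-sha512@openssh.com\n"
        "debug1: kex: host key algorithm: ssh-ed25519\n"),
    "legacy.example.internal": (
        "debug1: Remote protocol version 2.0, remote software version OpenSSH_8.4p1 Debian-5\n"
        "debug1: kex: algorithm: curve25519-sha256\n"
        "debug1: kex: host key algorithm: ssh-ed25519\n"),
    "down.example.internal":
        "ssh: connect to host down.example.internal port 22: Connection refused\n",
}

if __name__ == "__main__":
    print("needs attention:", not_hybrid(SAMPLE_LOGS))
```

A host reported as `classical-only` is one where either side is older than 9.0 or has the hybrid method disabled, so the session fell back to the previous default.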

Post-quantum security

Although the latest quantum computers are still unable to establish a significant advantage over traditional computers, the maturation of the technology in the coming years is expected to create several problems from a cybersecurity perspective.

Namely, large-scale quantum computers will have enough power to crack modern encryption, which means it would be a mistake to assume that data protected today will remain secure for years to come. Threat actors may already be collecting large amounts of encrypted data in the hope of one day gaining access to it.

The latest OpenSSH update is designed to protect against precisely this scenario, guarding sessions against future attacks backed by emerging computing technologies.

"The NTRU algorithm is believed to be resistant to attacks enabled by future quantum computers and is combined with the ECDH X25519 key exchange (the previous default) as protection against any NTRU Prime weaknesses that may be discovered in the future. The combination ensures that the hybrid exchange offers at least as good security as the status quo," the developers explained.

"We are making this change now (i.e., before cryptographically relevant quantum computers) to prevent 'capture now, decrypt later' attacks where an adversary that can record and store the ciphertext of the SSH session could crack it once a sufficiently advanced quantum computer becomes available."

There is some debate as to when "cryptographically relevant quantum computers" will arrive. Researchers at the University of Sussex in the UK recently estimated that quantum machines powerful enough to crack Bitcoin's encryption will be in use within the next decade. Another expert on the subject, Avast's Jaya Baloo, told TechRadar Pro that she thinks that's a reasonable timeframe.

It is not certain that the protections implemented for OpenSSH will actually protect against attacks launched by quantum computers, because it is difficult to predict how powerful these machines will be.

Nonetheless, the move was welcomed by the cybersecurity and quantum computing communities. In a blog post, Cambridge Quantum's head of cybersecurity said the OpenSSH team should be commended for their foresight.

"Quantum presents both a threat and an opportunity to cybersecurity systems, and today's savvy businesses are exploring both sides of the coin," he said.

"OpenSSH has reminded the world that little is lost by aggressively adopting secure quantum algorithms, as long as a hybrid approach is used. Kudos to OpenSSH for getting the ball rolling."