Some services are slowly developing post quantum resistant protocols for their services like Signal or Tutanota. When will this be a thing for the web?

  • Godort@lemm.ee
    link
    fedilink
    arrow-up
    24
    ·
    1 year ago

    There are solutions currently in development, but as far as adoption goes, most sites won’t use them until there is a real need.

    Looking back 10 years ago, even HTTPS didn’t have widespread adoption like it does now.

    • mvirts@lemmy.world
      link
      fedilink
      arrow-up
      10
      ·
      1 year ago

      Hmmm real need… we need it now, lots of traffic is being harvested now for cracking later.

      • Godort@lemm.ee
        link
        fedilink
        arrow-up
        7
        ·
        1 year ago

        Oh I fully agree. However, the people that control the purse strings in business will not take IT security seriously until something bad enough happens that it either makes the news or affects them directly.

        • mvirts@lemmy.world
          link
          fedilink
          arrow-up
          1
          ·
          edit-2
          1 year ago

          True. I just think of the hubble program and how what we learned was that there were already a bunch of them pointing at earth. I think quantum computing will be the same. 127 qubit machines are now publicly available… so what’s available to the cia?

          Idk if that will ever hit the bank accounts that matter

      • httpjames@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        3
        ·
        1 year ago

        Using a symmetric pre-shared key based VPN can help mitigate this issue. While the actual HTTPS data will still use non-PQR cryptography, Wireguard’s XChaCha20 and OpenVPN’s AES-256-CBC are considered safe against quantum computers since they don’t use asymmetric cryptography.

        Of course, you still need to trust the VPN provider.

        • Sources have dried up now that the Snowden’s and Assanges of the world have gone into hiding, but they definitely used to collect massive amounts of data for years.

          The NSA capturing traffic for later decryption is mere speculation. They’re not exactly going to admit doing so and I doubt anyone is going to commit career suicide and flee to Russia just for getting this out. However, they’d be wasting money on servers if they weren’t doing it. There have been tons of bugs and vulnerabilities allowing decryption after the fact after weak RNGs and protocol bugs have been found. It wasn’t that long ago that a website using a paid certificate for encryption would only require one key per website per year to decrypt all traffic. Give it a year or five and a mid sized company can easily start brute forcing through 2005 style HTTPS keys for cheap. Surely those NSA billions are ahead of the curve.

          With a little preselection based on the plaintext domain name or the IP address of the target, they could easily gather all relevant information while filtering out things like images and videos. That’s still a lot of data, but it’s manageable.

      • PowerCrazy@lemmy.ml
        link
        fedilink
        arrow-up
        5
        arrow-down
        6
        ·
        1 year ago

        Who has an interest in cracking your https traffic to say, lemmy? If it’s a nationstate, they already have access to root private key certs and that attack angle will not be mitigated with “quantum” encryption. If it’s Capitalism, i.e. google-ads or whatever, then it’s a marginal utility issue. If they harvested some of your https traffic from 20 years ago, it’s pretty worthless as far as metadata for ad-targeting etc goes. I don’t really see what “quantum encryption” would gain you.

        • moody@lemmings.world
          link
          fedilink
          arrow-up
          1
          ·
          1 year ago

          I’m a nobody, and I don’t expect there’s anyone who wants to access my encrypted traffic, but someone out there is important enough to the right people that would love to get access to that kind of stuff.

      • Godort@lemm.ee
        link
        fedilink
        arrow-up
        3
        ·
        1 year ago

        It depends if the new encryption methods are compatible with the key exchange mechanism.

        • Spotlight7573@lemmy.world
          link
          fedilink
          arrow-up
          1
          ·
          1 year ago

          Considering this proposal is used for the key exchange, they definitely need to update both the client side and server side part to be able to make use of it. That’s the kind of thing that may take years but luckily it can fall back to older methods.

          It also needs to be thoroughly vetted so that’s why it’s a hybrid approach. If the quantum resistant algorithm turns out to have problems (like some others have), they’re still protected by the traditional part like they would have been, with no leaking of all the data.

          • CanadaPlus@lemmy.sdf.org
            link
            fedilink
            arrow-up
            1
            ·
            edit-2
            1 year ago

            So how does it work? I guess they exchange keys both ways and then hash them together?

            Honestly lattice encryption has been vetted for three decades now. We still can’t say for sure P is not NP, but I’m far more worried about someone getting a quantum computer early than a sudden breakthrough on breaking either kind of algorithm.

              • CanadaPlus@lemmy.sdf.org
                link
                fedilink
                arrow-up
                1
                ·
                edit-2
                1 year ago

                Huh. I guess whatever algorithm comes next is resistant to half of the secret being compromised, then.

                Edit: It looks like they concatenate things from the two algorithms a few times in the process, so maybe they figure it would be difficult to isolate a vulnerability assuming either one is strong.

        • CanadaPlus@lemmy.sdf.org
          link
          fedilink
          arrow-up
          1
          ·
          edit-2
          1 year ago

          Key exchange works pretty much the same way as with prime/DLP-based algorithms. It’s just different math (and more data!) being used.

          Source: Math background, I know how the magic works. At least in theory.

    • Spotlight7573@lemmy.world
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      Yeah, I feel like it’s going to take both browser vendors shaming sites once a standard is developed/finalized and something like a quantum version of whynohttps.com to drive adoption.

      The problem really is the store and decrypt nature of it. It could be used against old data so the time when it needs to be implemented is before it becomes possible to decrypt. I feel like people aren’t good about planning like that and tend to be more reacting to what is currently possible.