this post was submitted on 16 Sep 2025
63 points (95.7% liked)

[–] probable_possum@leminal.space 11 points 20 hours ago* (last edited 16 hours ago)

data in transit

Yes, but then it is stored unencrypted on github. Ready to be used as training data by github.com/Microsoft or whoever. Which isn't bad per se for i.e. public repositories. Just pointing out that the weakest link in your chain of security measures is the... weakest link.

If you wanted to secure your code, you could store it on-site, behind a firewall, in its own network segment, with encrypted offsite backups. Elliptic curve crypto would help too in this scenario. And MFA. And access restrictions. Many possible measures.

[–] dohpaz42@lemmy.world 35 points 1 day ago* (last edited 1 day ago) (1 children)

If you are like me and not sure what “post-quantum SSH security” means, you should read this. TL;DR it’s an algorithm believed to be unbreakable by quantum computers.

[–] wetbeardhairs@lemmy.dbzer0.com 15 points 1 day ago* (last edited 1 day ago) (4 children)

AFAIK quantum computing's only demonstration of being able to break encryption using Shor's algorithm was in a toy problem where they already knew the answer and it was like 5 bits long and satisfied a particularly easy pattern. I'll be impressed when it can break 192-bit encryption with proper entropy.

[–] truthfultemporarily@feddit.org 20 points 1 day ago (1 children)

The threat model is that all communication is recorded and will be decrypted once the technology becomes available. The question then becomes for how long you want your data to be secure. If it's for example 40 years, you need to choose an algorithm today that is still secure in 40 years.

[–] boatswain 2 points 17 hours ago

NIST says 2035 should be the target date for organizations to get to something quantum resistant. The talk I saw at DefCon this year laid out a very convincing argument that due to advancements in the implementation of Shor's, as well as one other algorithm, that's not an aggressive enough target and we should really be shooting for 2030. Apparently IBM has never missed a target date, and they're looking at having enough logical qubits by 2032 or so.

[–] FaceDeer@fedia.io 6 points 1 day ago

If you haven't already switched to more secure algorithms you'll be impressed and also penniless when it can break 192-bit encryption with proper entropy.

[–] 9tr6gyp3@lemmy.world 9 points 1 day ago (1 children)

I believe quantum computers are only going to really threaten asymmetric encryption, like the one used in SSH keys. Things like RSA, DSA, and ECDSA, as well as Diffie-Hellman key exchanges are potentially weak to future quantum computers brute forcing those integers.

Symmetrical encryption should hold up much better against quantum. An algorithm like AES or ChaCha20 should be fine with a bit key length of 256 or higher.

Or just move to the post-quantum algorithms to be safe.

[–] wetbeardhairs@lemmy.dbzer0.com 5 points 1 day ago (1 children)

Meh. I think quantum computers are technological hocus-pocus that is used as justification for companies like D-Wave to generate billions of dollars for a few financial executives. The science is real. The engineering is real. The technology is a toy and its uses are extraordinarily limited and out-competed by normal computers.

Can it optimally solve the travelling salesman problem? Sure. With many thousands of bits. Can a classical computer with a fancy algorithm get close enough for practical use cases? Yes. With today's technology and enough power to run an old lightbulb.

[–] 9tr6gyp3@lemmy.world 6 points 1 day ago* (last edited 1 day ago)

You're right. Only thing is that this is currently being worked on by multiple nation states as well, as these theories do have a military advantage. There will be money and resources pouring into this field for decades.

Even if it takes another 3 or 4 decades, the goalposts are planted, and I think Q-Day will eventually happen. Of course, I'm just assuming and can't know the future. For now, it is a toy as you have said.