Enable post-quantum key exchange by default?

On 3/10/21 11:18 PM, Damien Miller wrote:
>> There are those who feel that FFC should be thrown away in favor of ECC
>> key exchanges and those who feel that PQC is coming soon and will be
>> able to factor ECC faster than FFC.
> 
> I'm pretty much one of them :) I'm skeptical whether useful QCs will be
> a thing in my lifetime, but the probability is far enough above zero that
> it makes sense to use PQC if the costs aren't too high.

On that note, I wonder if we should turn on post-quantum key exchange in the
not too distant future, as the default most-preferred kex.  IIUC the one we
use is secure if our version of NTRU is secure *or* Curve25519 is secure,
and since crypto code is constant-time there is little room for memory
unsafety vulnerabilities.  So it is low-risk, high-reward, unless I am missing
something.

> -d

Sincerely,

Demi



_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
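
An added example, not part of the original message and not OpenSSH's own code: a shell check that reports where the hybrid Streamlined NTRU Prime + X25519 kex sits in an effective KexAlgorithms preference list, which is the setting the proposal above would change. The function names and the sample `ssh -G` output are constructed for illustration; the two algorithm names are the ones OpenSSH releases have used for this kex.

```shell
#!/bin/sh
# Added example (not OpenSSH code): report where the hybrid
# Streamlined NTRU Prime + X25519 kex sits in a KexAlgorithms preference list.

# Constructed sample shaped like `ssh -G <host>` output (keyword, then value).
SAMPLE_SSH_G='hostname example.test
port 22
kexalgorithms curve25519-sha256,ecdh-sha2-nistp256,sntrup761x25519-sha512@openssh.com,diffie-hellman-group16-sha512
ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com'

# Extract the comma-separated kex list from `ssh -G`-style lines on stdin.
kex_list() {
    awk 'tolower($1) == "kexalgorithms" { print $2; exit }'
}

# Print the 1-based position of the first hybrid kex in list $1, or 0 if none.
# Runs in a subshell so the IFS and noglob changes do not leak to the caller.
pq_kex_rank() (
    IFS=','
    set -f
    pos=0
    for alg in $1; do
        pos=$((pos + 1))
        case "$alg" in
            sntrup761x25519-sha512@openssh.com|sntrup4591761x25519-sha512@tinyssh.org)
                echo "$pos"
                exit 0 ;;
        esac
    done
    echo 0
)

# Read `ssh -G`-style lines on stdin and classify the preference order.
audit_kex() {
    rank=$(pq_kex_rank "$(kex_list)")
    case "$rank" in
        0) echo "absent" ;;
        1) echo "preferred" ;;
        *) echo "offered-at-position-$rank" ;;
    esac
}

# Run against the constructed sample so the script works offline.
printf '%s\n' "$SAMPLE_SSH_G" | audit_kex
```

On a real client, pipe `ssh -G <host>` into `audit_kex`; `sshd -T` prints the server's list in the same keyword/value form.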
