Some services are slowly developing post quantum resistant protocols for their services like Signal or Tutanota. When will this be a thing for the web?
Currently being investigated by browser makers but not something they can just do on their own like Signal.
Here’s Chromium’s current proposal that they’re testing:
https://blog.chromium.org/2023/08/protecting-chrome-traffic-with-hybrid.html
This is really interesting, thanks
Do you know if Firefox and/or Safari have indicated if they’ll be supporting this scheme too?
thank you for this article
There are solutions currently in development, but as far as adoption goes, most sites won’t use them until there is a real need.
Looking back 10 years ago, even HTTPS didn’t have widespread adoption like it does now.
Hmmm real need… we need it now, lots of traffic is being harvested now for cracking later.
Oh I fully agree. However, the people that control the purse strings in business will not take IT security seriously until something bad enough happens that it either makes the news or affects them directly.
True. I just think of the hubble program and how what we learned was that there were already a bunch of them pointing at earth. I think quantum computing will be the same. 127 qubit machines are now publicly available… so what’s available to the cia?
Idk if that will ever hit the bank accounts that matter
Who has an interest in cracking your https traffic to say, lemmy? If it’s a nationstate, they already have access to root private key certs and that attack angle will not be mitigated with “quantum” encryption. If it’s Capitalism, i.e. google-ads or whatever, then it’s a marginal utility issue. If they harvested some of your https traffic from 20 years ago, it’s pretty worthless as far as metadata for ad-targeting etc goes. I don’t really see what “quantum encryption” would gain you.
True it’s definitely tinfoil hat territory
Using a symmetric pre-shared key based VPN can help mitigate this issue. While the actual HTTPS data will still use non-PQR cryptography, Wireguard’s XChaCha20 and OpenVPN’s AES-256-CBC are considered safe against quantum computers since they don’t use asymmetric cryptography.
Of course, you still need to trust the VPN provider.
Awesome! Thats good info, thanks!
“Lots”
Citation needed
Yeah, I feel like it’s going to take both browser vendors shaming sites once a standard is developed/finalized and something like a quantum version of whynohttps.com to drive adoption.
The problem really is the store and decrypt nature of it. It could be used against old data so the time when it needs to be implemented is before it becomes possible to decrypt. I feel like people aren’t good about planning like that and tend to be more reacting to what is currently possible.
deleted by creator
