Conversation

Notices

1. Embed this notice
   Adrian Sanabria (sawaba@infosec.exchange)'s status on Saturday, 29-Mar-2025 23:35:40 JST Adrian Sanabria

   • Kevin Beaumont

   @GossiTheDog doing a webinar in a few weeks, working on the slides

   • Embed this notice
     Antoinne Sterk (antoinnesterk@cyberplace.social)'s status on Saturday, 29-Mar-2025 06:07:23 JST Antoinne Sterk

     • Kevin Beaumont

     @GossiTheDog They keep chasing the dragon... 🐲

   • Embed this notice
     Sophie Schmieg (sophieschmieg@infosec.exchange)'s status on Saturday, 29-Mar-2025 23:35:38 JST Sophie Schmieg

     in reply to

     • Kevin Beaumont

     @sawaba @GossiTheDog for small to medium sized businesses that are not doing anything more adventurous than TLS when it comes to cryptography, my advice would be, if there is some free engineering capacity, to turn on 0x11EC (X25519-ML-KEM768) in their TLS config, assuming their stack supports the cipher. (The various different stacks are adding support for that currently)
     That way, you can check if anything breaks, with both Chrome and Firefox negotiating that cipher by default, and Safari rolling out support for it. The main risk is with middleware breaking.
     In that threat model, it may not be the most urgent task, but it's relatively simple, depending on the used TLS stack. You can also turn on the equivalent KEX in SSH (supported in OpenSSH). Otherwise, in that threat model, I wouldn't do much at all (and even these two things are mostly optional, unless there are very strict long term confidentiality concerns).
     Of course, if your threat model is more adventurous, you might want to hire some cryptographers 🙂

   • Embed this notice
     Sophie Schmieg (sophieschmieg@infosec.exchange)'s status on Saturday, 29-Mar-2025 23:35:39 JST Sophie Schmieg

     in reply to

     • Kevin Beaumont

     @sawaba @GossiTheDog ugh, please don't.

     Yes it's overhyped, and yes consultants give extremely cringe talks about it, but no, this is neither a purely theoretical threat that can be safely ignored, nor is it business as usual when it comes to upgrading. Unless of course you consider potentially having to rip out the entirety of WebPKI and replacing it with something different as business as usual.

     You can see my talk about the practical challenge and the threat model here (about half way through) https://youtu.be/wsnHMvuxy5Q?si=yK6oObpptIQfyOs8

   • Embed this notice
     Sophie Schmieg (sophieschmieg@infosec.exchange)'s status on Saturday, 29-Mar-2025 23:35:39 JST Sophie Schmieg

     in reply to

     • Kevin Beaumont

     @sawaba @GossiTheDog but just in case you don't like watching my YouTube talks, here is the TLDR as to why you might need to care (not everybody has to care, figuring out who does is part of the difficulty):
     a) whether or not you believe the hype about quantum computers, regulatory pressure puts a hard deadline on the migration for 2035. That's ten years. For encryption in transit you have store-now-decrypt-later, which might incentivise you to move faster, although that is somewhat overhyped, as forward secrecy acts as a form of "quantum annoyance", it depends how high you value you long term confidentiality of your data.
     b) PQC algorithms are not easy drop in replacements. They are much, much larger than their classical counterparts, leading to quite a few use cases outright breaking (as the aforementioned WebPKI). Some of these are extremely difficult to migrate as a whole (again, as the aforementioned WebPKI), making 10 years not much time.

   • Embed this notice
     Sophie Schmieg (sophieschmieg@infosec.exchange)'s status on Saturday, 29-Mar-2025 23:35:39 JST Sophie Schmieg

     in reply to

     • Kevin Beaumont

     @sawaba @GossiTheDog
     I agree that most small to medium companies probably do not have to care about any of this right now. Those that do probably know already. But it's not something that can be simply ignored by everybody.

     The main way to recognize overhyped nonsense is when they talk about inventory and agility. Unfortunately, neither of these terms is completely without merit, but they are the most favorite buzzwords of the hype peddlers. Really both of these boil down to proper key management. Something that is extremely difficult, but not unique or novel with PQC.

   • Embed this notice
     Adrian Sanabria (sawaba@infosec.exchange)'s status on Saturday, 29-Mar-2025 23:35:40 JST Adrian Sanabria

     in reply to

     • Kevin Beaumont

     @GossiTheDog tl;dr - not a threat, you’ll update it anyway, probably don’t need special tools since we’ve been updating crypto forever