If you are still designing and implementing cryptographic protocols that are insecure against attackers with quantum computers, what is wrong with you?

Especially for companies there really is no excuse anymore and anyone who still uses pre-quantum crypto by the start of the next year should be fined. I’m sick and tired of the claims that it’s difficult, if you are not even working on it. (Which is evident from the lack of jobs in the field!)

Maybe I should just start looking at projects, at least of companies and start filing CVEs…
🤔

#ITsec #postquantumcryptography #PQC
The other reason to start fining soon is that we see time and time again that companies only ever start working on things if the fines are imminent. If we gave them 10 years to fix this, they would wait for 9 and then start in the last few months being super surprised.

Might as well cut out the pointless delay.
@Fiona When PQC X.509 certificates? Admittedly for the common TLS usage far less urgent than key exchange…
@airtower Now… 😉
[Link: Open Quantum Safe, X.509: Open-source software for prototyping quantum-resistant cryptography]
@Fiona They're very clear that it's prototype software and not recommended for production, so I can't blame anyone for not doing that.

The hybrid key exchange identifiers are still only defined in a draft, and as far as I'm aware ones for certificate public key algorithms are still missing. Sure, private use IDs work in a lab setting, but not for production.
@Fiona How do I know if my algorithm and its implementation is secure? 🥺👉👈
@Pixtxa Well, if it uses the RSA assumption or the DLP for its security proof, chances are, it's not secure …
@benbe I don't know what it does. Guess it's AES?