Two papers came out last week that suggest classical asymmetric cryptography might indeed be broken by quantum computers in just a few years.

That means we need to ship post-quantum crypto now, with the tools we have: ML-KEM and ML-DSA. I didn't think PQ auth was so urgent until recently.

https://words.filippo.io/crqc-timeline/

A Cryptography Engineer’s Perspective on Quantum Computing Timelines

The risk that cryptographically-relevant quantum computers materialize within the next few years is now high enough to be dispositive, unfortunately.

@filippo What about WebAuthn, Passkeys, etc?

I don't see any movement on that side of the pond. Just as we are convincing everyone to switch to them.

@arianvp I do think they should get moving. But also, a passkey with a broken signature algorithm is still more secure than a password: the attacker needs the public key to fake a signature, and that's only in the website's database. I think it should still be phishing-resistant, too.

@filippo Yeah, I guess the privacy-preserving aspects of the WebAuthn API paid off here.