Security Experts:

OpenSSH Moves to Prevent 'Capture Now, Decrypt Later' Attacks

OpenSSH has joined the high-stakes fight to protect data from quantum computers.

The latest version of the widely used encryption and connectivity tool has been fitted with new features to prevent "capture now, decrypt later" attacks linked to advancements in quantum computing.

Security experts warn that advanced threat actors are already stealing and storing encrypted data for a future when quantum computers are capable of cracking all known encryption algorithms and the latest moves by OpenSSH is meant to proactively address these risks.

According to notes published alongside the release of OpenSSH 9.0, the open-source group will now use the hybrid Streamlined NTRU Prime + x25519 key exchange method by default, a move that includes a backstop against future discoveries of flaws in the NTRU algorithm.

[ READ: Quantum Computing Is for Tomorrow, But Quantum Risk Here Today ]

"The NTRU algorithm is believed to resist attacks enabled by future quantum computers and is paired with the X25519 ECDH key exchange (the previous default) as a backstop against any weaknesses in NTRU Prime that may be discovered in the future. The combination ensures that the hybrid exchange offers at least as good security as the status quo," OpenSSH explained.

"We are making this change now (i.e. ahead of cryptographically-relevant quantum computers) to prevent "capture now, decrypt later" attacks where an adversary who can record and store SSH session ciphertext would be able to decrypt it once a sufficiently advanced quantum computer is available," it added.

OpenSSH is considered the default connectivity tool for remote login with the SSH protocol.  It is used to encrypt all traffic to eliminate eavesdropping and connection hijacking.

Related: Protection Against Side-Channel Attacks Added to OpenSSH

Related: The Promise and Threat of Quantum Computing

Related: Quantum Computing's Threat to Public-key Cryptosystems

view counter
Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. Ryan is a veteran cybersecurity strategist who has built security engagement programs at major global brands, including Intel Corp., Bishop Fox and GReAT. He is a co-founder of Threatpost and the global SAS conference series. Ryan's past career as a security journalist included bylines at major technology publications including Ziff Davis eWEEK, CBS Interactive's ZDNet, PCMag and PC World. Ryan is a director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world. Follow Ryan on Twitter @ryanaraine.