The News: The OpenSSH development team announced that it has added critical features to the latest OpenSSH 9.0 secure remote access tools to prevent future quantum computing hackers from capturing encrypted data today and decrypting it later when powerful quantum computers would be available to assist their cyberattacks. Prevention of such “capture now, decrypt later” scenarios by hackers is a serious security worry as quantum computer development continues because the machines are so powerful that they will be capable of quickly solving and defeating today’s best security algorithms. Read more about the OpenSSH 9.0 at Security Week.
Future Quantum Computing Hackers Thwarted by New OpenSSH Encryption Security Features That Prevent Capture Now, Decrypt Later Attacks
Analyst Take: For enterprise quantum computing users of tomorrow, I believe that this breakthrough by OpenSSH to effectively prevent future quantum computing hackers from illegally capturing and keeping encrypted data now for decryption later is a major boon for the development of enterprise quantum computing.
And these OpenSSH 9.0 capabilities arrive just in time, as security experts continue to worry that these captures of encrypted confidential business data have been underway for some time by cybercriminals with nefarious plans for future cyberattacks. Without a means to prevent that data from being unencrypted later, all enterprises that are victimized today by such data captures would be incredibly vulnerable in the future, as quantum machines and their power become available to cyberattackers.
I think that this proactive move by the OpenSSH open source project is critical to ultimately making this security battle a success for enterprises, including banks, financial institutions, energy companies, manufacturers and other businesses that could benefit greatly from the potential of quantum computing power in their operations.
In release notes which accompanied the April 8 launch of OpenSSH 9.0, the organization said that the newest version uses the hybrid Streamlined NTRU Prime + x25519 key exchange method by default (“firstname.lastname@example.org”) to prevent capture now, decrypt later attacks. NTRU is an open-source public-key cryptosystem that uses lattice-based cryptography to encrypt and decrypt data, according to Wikipedia.
“The NTRU algorithm is believed to resist attacks enabled by future quantum computers and is paired with the X25519 ECDH key exchange (the previous default) as a backstop against any weaknesses in NTRU Prime that may be discovered in the future,” according to the OpenSSH release notes. “The combination ensures that the hybrid exchange offers at least as good security as the status quo.”
The announcement of these new features to fight attacks by future quantum computing hackers aims to prevent these potential problems from worsening, the release notes continue.
“We are making this change now (i.e., ahead of cryptographically-relevant quantum computers) to prevent “capture now, decrypt later” attacks where an adversary who can record and store SSH session ciphertext would be able to decrypt it once a sufficiently advanced quantum computer is available.”
OpenSSH is a widely-used remote log-in and encryption tool that uses the SSH protocol.
A Smart, Forward-Looking Strategy by OpenSSH
All of this, of course, is still quite a bit ahead of usable quantum computing for enterprises, but I think that is the good news here. The work of the OpenSSH team to make improvements such as these way before future quantum computing hackers gain access to market-ready quantum computers is a brilliant move for the industry.
Remember the mad rush as Y2K approached in late 1999 and so many companies had to scramble to deal with the potential effects of that coding issue?
By making these kinds of improvements and adjustments today, future quantum computing hackers could pose less of a threat through capture now, decrypt later attacks, reducing worries for enterprise IT leaders.
Certainly, this will not be the only enterprise security issue that will arise with the coming of quantum computing, but in my view this situation shows that interested organizations such as OpenSSH will keep working to find ways to continue to bolster security and safety as quantum evolves in the marketplace.
I think this will be a fascinating situation to follow closely in the coming years as usable quantum computing approaches and additional unforeseen cybersecurity challenges likely arise as well. This will be quite a ride.
Disclosure: Futurum Research is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.
Analysis and opinions expressed herein are specific to the analyst individually and data and other information that might have been provided for validation, not those of Futurum Research as a whole.