• bearboiblake@pawb.social
    English · 11 upvotes · 3 days ago

    There’s a pretty good blog post about potential backdoors in RSA on the Cloudflare blog, but honestly I remember reading rumors about it on obscure internet forums and mailing lists going back a long time.

    For Ec25519, there’s some stuff about it in the History section of the wikipedia article.

    • CorrectAlias@piefed.blahaj.zone
      English · 10 upvotes · 3 days ago

      Isn’t the NSA portion in that Wikipedia article just explaining why people moved to using ec25519? It says:

      In 2013, interest began to increase considerably when it was discovered that the NSA had potentially implemented a backdoor into the P-256 curve based Dual_EC_DRBG algorithm.[12] While not directly related,[13] suspicious aspects of the NIST’s P curve constants[14] led to concerns[15] that the NSA had chosen values that gave them an advantage in breaking the encryption.[16][17]

      “I no longer trust the constants. I believe the NSA has manipulated them through their relationships with industry.”

      — Bruce Schneier, The NSA Is Breaking Most Encryption on the Internet (2013)

      Since 2013, Curve25519 has become the de facto alternative to P-256, being used in a wide variety of applications.[18] Starting in 2014, OpenSSH[19] defaults to Curve25519-based ECDH and GnuPG adds support for Ed25519 keys for signing and encryption.[20] The use of the curve was eventually standardized for both key exchange and signature in 2020.[21][22]

      That seems to say that people left P-256 for Curve25519.

      • bearboiblake@pawb.social
        English · 9 upvotes · 3 days ago

        Oh, sorry, you’re right. I can’t remember where I read about Ec25519 vulnerabilities now, but I do remember that I switched to using Ed25519 instead which was not vulnerable. I think it was something to do with random number generation, you might be able to turn something up on your preferred search engine - sorry for not being more helpful, I’m replying from my phone away from my computer.

        • Redjard@reddthat.com
          1 upvote · 1 downvote · edited · 2 days ago

          There was a confusing name change, and it doesn’t help that ecdsa/ed25519 has two names, but the number 25519 is specific to this fixed version. Funnily, if you quote-search nsa and ec25519, this thread is the only result besides one ycom thread (which is also in the context of them being safe).

          ec25519 is not a typical name for it used in any software afaik, only in writing.

          Edit: Historically ecdsa used to refer to the backdoored one. Since it has fallen so much out of use, ecdsa now means ed25519, since it’s usually incorrectly called ecdsa and also changed to ed25519. It is of course better to specify 25519.