Signal is rolling out quantum-safe key exchanges (opens in new tab)

(chaos.social)

4 pointslucgommans2y ago3 comments

3 comments

3 comments · 1 top-level

aborsy2y ago· 2 in thread

I’m now waiting for the Wireguard, going PQ, beyond the preshared keys!

Any idea if there is activity?

lucgommansOP2y ago

It is not mentioned on the project to-do list: https://www.wireguard.com/todo/

But I do seem to recall reading something about it when browsing the wireguard website a few days ago. Something to do with the underlying Noise framework not supporting it, and that being a blocker, I think. Looking through the repositories now, none of the recent activities (most recently active are wireguard-{freebsd,android}) are PQ-related

Edit: found it again on https://www.wireguard.com/known-limitations/

> Post-Quantum Secrecy

> WireGuard is not, by default, post-quantum secure. However, the pre-shared key parameter can be used to add a layer of post-quantum secrecy. It could be post-quantum secure were the public keys hashed instead of sent directly, but this is not part of the Noise Protocol Framework, on which WireGuard's handshake is based, and this hashing technique wouldn't enable forward-secure post-quantum secrecy either. The best bet for post-quantum security is to run a truly post-quantum handshake on top of WireGuard, and then insert that key into WireGuard's pre-shared key slot.

aborsy2y ago

Thanks! It doesn’t look very promising! SSH is already PQ-secure.

j / k navigate · click thread line to collapse