undefined | Better HN

0 pointspalata2mo ago0 comments

> This article is more aimed at those specifying and implementing WebAuthN and SSH, than at those using them.

Sure, I'm just trying to understand the consequences of that. Felt great to finally have secure elements on smartphones and laptops (or Yubikeys), protecting against the OS being compromised (i.e. "you access my OS, but at least you can't steal my keys").

I was wondering if PQ meant that when it becomes reality, we just get back to a world where if our OS is compromised, then our keys get compromised, too. Or if there is a middle ground in the threat model, e.g. "it's okay to keep using your Yubikey, because an attacker would need to have physical access to your key, specialised hardware AND access to a quantum computer in order to break it". Versus "you can stop bothering about security keys because with "store now, decrypt later", everything you do today with your security keys will anyway get broken with quantum computers eventually".

0 pointspalata2mo ago0 comments

> This article is more aimed at those specifying and implementing WebAuthN and SSH, than at those using them.

0 comments

3 comments · 1 top-level

FiloSottile2mo ago· 2 in thread

If you are doing authentication with those hardware keys, you will probably be fine, if we do our job fast enough. Apple's Secure Enclave already supports some PQ signatures (although annoyingly not ML-DSA-44 apparently?) and I trust Yubico is working on it.

If you are doing encryption, then you do have reason to worry, and there aren't great options right now. For example if you are using age you should switch to hybrid software ML-KEM-768 + hardware P-256 keys as soon as they are available (https://github.com/str4d/age-plugin-yubikey/pull/215). This might be a scenario in which hybrids provide some protection, so that an attacker will need to compromise both your OS and have a CRQC. In the meantime, depending on your threat model and the longevity of your secrets (and how easily they can rotated in 1-2 years), it might make sense to switch to software PQ keys.

palataOP2mo ago

Thanks a lot, that helps!

> This might be a scenario in which hybrids provide some protection, so that an attacker will need to compromise both your OS and have a CRQC.

Did you mean "your OS and have a CRQC" here, or "your Yubikey and have a CRQC"?

FiloSottile2mo ago

I mean "your OS and have a CRQC" because they will need to compromise the software PQ key by compromising the OS, and derive the hardware YubiKey private key using the CRQC.

1 more reply

j / k navigate · click thread line to collapse