[Ach] considering your experience in selecting the perfect config string, would you...

Philipp Gühring pg at futureware.at
Mon Jun 30 00:17:38 CEST 2014


> So: what's up on the post-quantum crypto front? I've not seen any real
> candidate that you can implement without an overhead so great that the
> whole idea is useless anyway. But I'm also not a expert in that
> direction, so I'm very interested in new proposals and more information
> in that direction.

I started a project to bring Post-Quantum Crypto into SSL/TLS about a year
We now have several proposals covering certificate issueing, key exchange,
encryption and signature.
We have running code for some parts of it, and I succeeded to run a real
TLS session on my computer with Post-Quantums algorithms already.
But we are still a lot of work away from production and migration ready.
The good news for you is that encryption and signatures will be likely
much faster and smaller than RSA in the long run, but I currently think
that we should keep RSA in place for a while, until enough people are
convinced that the new algorithms are sufficiently secure on their own, so
it will not be faster in the near future, but it will also not slow it
down too much. For key exchange, we might add half a round-trip or a full
roundtrip, but it will be hopefully even stronger than classical DHE.

Best regards,
Philipp Gühring

More information about the Ach mailing list