This is a terrible headline, because while cryptography and cryptanalysis interest hackers, applying quantum computations to code breaking isn’t a “hack” in the way we usually define such things.
‘No time to waste’: NIST formally issues standards for defense against quantum hacking
Nine or ten years after I first installed a Google Chrome beta that contained Ring Learning With Errors, it looks like now everything is going to have features like this.
Background:
A brief explanation for those who are still at the buzzword level of understanding is in order. There are all sorts of cryptographic algorithms in the world, which we use for 1) communicating privately, 2) obfuscating data at rest, and 3) verifying integrity. We’ve discussed all of that here before; some real-world examples will help.
When we use ssh to communicate between systems, or a web browser to talk https to a web site, public key cryptography is involved. Each system has a “key pair”; the public half is exchanged, which lets a partner encrypt data for the owner of that public key, and only the matching private key can decrypt it. There is no harm in disclosing a public key; in fact, systems like PGP email encryption expect you to publish your public key to a directory so others can email you.
Here, have a public key of mine - this is the public half of an ED25519 key pair:
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXjGN4RHNcfVxA5u4F+SrVoWgLoaLCndQ3uvUyuxw9h user@nrauhauser
The aptly named Data Security At Rest is about how to encrypt files and devices so that they remain secure in the event someone else gets access to them. There’s no public key exchange here: you make long, difficult to guess passphrases, which are then used to derive keys for fast symmetric encryption. That is also the goal of the public key exchange used for communications - it is secure but slow, so you use it only to exchange randomized symmetric secrets that live for the duration of one connection.
If you’ve looked at document dumps mentioned here you will have noticed SHA256 checksums of the files involved. This is a “cryptographic hash” - you feed it an arbitrary amount of data and it produces a fixed-size checksum that is infeasible to reverse. Another place you see this is in checksums for downloads, like when you get a new TAILS ISO and you want to be sure it’s legitimate.
What To Expect:
For you, dear end user, this is likely going to be pretty transparent. You’ll get new browsers and such, they’ll include new encryption algorithms as defaults, and that will be that.
For system admins, the switch to quantum-resistant cryptographic algorithms is going to be akin to the Y2K update - everything has to be changed out. Unlike Y2K there isn’t an operational drop-dead date; this is a policy decision. If you’ve ever had to tinker with SSL certs you know SSL through 3.0 has been declared dead due to POODLE, and that TLS v1 is also fading quickly. If you’re concerned, you may go through and ban pre-quantum algos, forcing the issue with older client software.
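As an added example (not code from the original post), here is a small Python script for the OpenSSH side of that cleanup: it reads a `kexalgorithms` line shaped like `sshd -T` output, labels each key-exchange algorithm as a quantum-resistant hybrid or pre-quantum, and emits a `KexAlgorithms` line that keeps only the hybrids. The two hybrid names are OpenSSH's own; the sample list, the marker table and the helper names are assumptions made for this example.

```python
# Added example, not from the original post: classify the key-exchange
# algorithms an OpenSSH server offers and build a KexAlgorithms line that
# keeps only the quantum-resistant hybrids.
from typing import List, Tuple

# Constructed sample, shaped like one line of `sshd -T` output on a recent
# OpenSSH (two hybrid algorithms followed by five classical ones).
SSHD_T_OUTPUT = """\
kexalgorithms sntrup761x25519-sha512@openssh.com,mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256
"""

# Post-quantum KEM identifiers that OpenSSH embeds in its hybrid kex names
# (assumed marker list; extend it as new hybrids are published).
PQ_MARKERS = ("sntrup761", "mlkem768", "mlkem1024")


def is_pq_hybrid(kex: str) -> bool:
    """True if the kex name pairs a post-quantum KEM with a classical curve."""
    name = kex.lower()
    return any(marker in name for marker in PQ_MARKERS)


def parse_kex(sshd_t_output: str) -> List[str]:
    """Pull the comma-separated kex list out of `sshd -T` style output."""
    for line in sshd_t_output.splitlines():
        key, _, value = line.strip().partition(" ")
        if key.lower() == "kexalgorithms":
            return [k for k in value.split(",") if k]
    return []


def classify(kexes: List[str]) -> Tuple[List[str], List[str]]:
    """Split into (quantum-resistant hybrids, classical-only algorithms)."""
    pq = [k for k in kexes if is_pq_hybrid(k)]
    classical = [k for k in kexes if not is_pq_hybrid(k)]
    return pq, classical


def hardened_kex_line(kexes: List[str]) -> str:
    """sshd_config line offering only the hybrids; empty string if there are none."""
    pq, _ = classify(kexes)
    return ("KexAlgorithms " + ",".join(pq)) if pq else ""


if __name__ == "__main__":
    offered = parse_kex(SSHD_T_OUTPUT)
    pq, classical = classify(offered)
    print("quantum-resistant:", pq)
    print("pre-quantum (candidates to retire):", classical)
    print(hardened_kex_line(offered))
```

Put the emitted line into sshd_config only after confirming every client you need can negotiate a hybrid; older clients will simply fail to connect, which is the forcing effect described above.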
I wasn’t paying attention, so I missed what I presume was the obligatory independent humans vs. government zombies battle over which algorithms became the standard. Every time this happens the NSA tries to kneecap the new standards, so they look right, but they can still crack stuff. Previously this had involved blizzards of traffic on listservs, full of mind-bending mathematics, and the normally staid cryptography world revealed the same warm, collegial relationships early 20th century Egyptology had. You have to be a special sort of weird to even follow it, let alone participate, and I’m glad I sat this one out. I hope they got it right.
Conclusion:
This is good news. If you’re just using solutions, as opposed to crafting or selecting them, all you have to do is be aware of this change, and maybe read the notices about software you use. For me, I’m gonna read the new standards in detail and start looking for places where I can retire the pre-quantum algos. Since I have just low dozens of systems with OpenSSH servers on them, and fewer than a dozen web systems with broadly accessible TLS, I can probably get really aggressive about this.
But first it appears I have even more reading to do …