They still need help upgrading the key exchange to be quantum resistant if anyone needs a summer project.
this post was submitted on 25 Jun 2025
44 points (100.0% liked)
Cybersecurity
7644 readers
69 users here now
c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.
THE RULES
Instance Rules
- Be respectful. Everyone should feel welcome here.
- No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
- No Ads / Spamming.
- No pornography.
Community Rules
- Idk, keep it semi-professional?
- Nothing illegal. We're all ethical here.
- Rules will be added/redefined as necessary.
If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.
Learn about hacking
Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !securitynews@infosec.pub !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub
Notable mention to !cybersecuritymemes@lemmy.world
founded 2 years ago
MODERATORS
No they don't "need" help doing that. Quantum resistance is kind of a waste of time considering the largest number factored by these things is 21.
And the known algorithm we halve just square roots the search space on average. So a 256 bit key is still secure. Quantum resistance just seems like another industry scam to try and take us away from well supported open-source stuff.
The idea that people use quantum computers against meshtastic nodes is pretty funny to me. I think meshtastic attracts a certain kind of person who is security minded and maybe even prepper adjacent (like ham radio tends to). That leads to some odd things like worrying about nation states attacking their nodes.
To be clear, I'm not saying better security isn't worth it, nor am I saying it wouldn't ever happen, but the idea that folks are hiding things that important on meshtastic is a little silly to me. I think their biggest threat is other hobbyists. Not nation states.
It's mostly the issue of saving transmissions for later. Very much not a high priority but solid future planning in the face of governments plagiarizing Orwell and Huxley.
It's just math and the relentless march of technology. Fear not, we have lots of open source post quantum cryptography libraries.
Define "post quantum"
The point in time after the first qbit based supercomputers transitioned from theoretical abstraction to physical proven reality. Thus opening up the can-of-worms of feasabily cracking classical cryptographic encryptions like an egg within human acceptable time frames instead of longer-than-the-universes-lifespan timeframes.. Thanks, superposition probability based parallel computations.
From Wikipedia:
Post-quantum cryptography, sometimes referred to as quantum-proof, quantum-safe, or quantum-resistant, is the development of cryptographic algorithms that are currently thought to be secure against a cryptanalytic attack by a quantum computer.
RSA 4096 is post quantum under this definition.
RSA 1024 is post quantum if you want to ignore progress in cryptography and use current algorithms. (We have no quantum computers that can crack it right now)
It's about preparing for quantum computers by using algorithms that are secure against conventional and future quantum computers. If you assume that a quantum computer will exist that can crack RSA 2048/4096, then all data that gets send right now can be decrypted at that time. If we get working quantum computers in 20 years then in 20 years all banking data, chat messages, emails,... send with RSA today can be compromised.
If we switch to algorithms that don't get easier to crack with quantum computers then even when they get strong enough nothing will change and only data send with older algorithms can be decrypted.
See also the rest of the Wikipedia article, here a continuation of my previous snippet:
Most widely used public-key algorithms rely on the difficulty of one of three mathematical problems: the integer factorization problem, the discrete logarithm problem or the elliptic-curve discrete logarithm problem. All of these problems could be easily solved on a sufficiently powerful quantum computer running Shor's algorithm or possibly alternatives.
As of 2024, quantum computers lack the processing power to break widely used cryptographic algorithms; however, because of the length of time required for migration to quantum-safe cryptography, cryptographers are already designing new algorithms to prepare for Y2Q or Q-Day, the day when current algorithms will be vulnerable to quantum computing attacks.
After quantum. Algorithms for after a quantum computer can crack what's current.
Can they? Can they really break RSA 4096? Because the algorithm we have to do that just turns it from 256 bits of entropy to 128, which is still not breakable.
Algorithms. Plural. Shor's and Grover's. Nothing public that can break anything in use but progress marches on and governments are always expected to be 5-10 years ahead
Hm. It appears I did not know about Shor's. :/ sorry.
Although I'm willing to bet that it requires an exponential amount of correction qbits.