Grab your chance to talk to us!

Join our AMA on r/BuyFromEU
June 26, 5 PM CEST | 11 AM EST
Ask us anything: tech, privacy, business model, AI, digital sovereignty, anything!

https://www.reddit.com/r/BuyFromEU/comments/1lk1vhp/ama_tuta_team_building_quantumresistant_encrypted/

Linus on "[#Linux #kernel] Module signing and post-quantum crypto public key algorithms":

'"I'd suggest you worry more about the rumors that Kazakhstan is growing a veritable army of gerbils, and giving them all ABACUSES!

What's your plan for that imminent attack vector? Because they could be here any day.

Yes, yes, please stop using RSA and relying over-much on big prime numbers. But let's not throw the "Post Quantum" word around as if it was reality.

The reality of kernel security remains actual bugs - both in hardware and in software - not some buzzword."'

https://lore.kernel.org/all/CAHk-%3DwgYdf08uju5UrDZ9kEgsC9yrtBNOTzSX6zAbOdRfg%2BJkA@mail.gmail.com/

Now available in #RHEL 10 as technology preview: #PostQuantum #Cryptography.

Yours truly with the details: https://www.redhat.com/en/blog/post-quantum-cryptography-red-hat-enterprise-linux-10

Daniel J. Bernstein (#djb, to those who know and love him [1]) has a new blog entry about the NIST post-quantum #cryptography standardization process that's been ongoing for some years. Also, follow him @djb .

If you're not aware of some of the controversy about how NIST is running this process, it's a must-read.

https://blog.cr.yp.to/20250423-mceliece.html

My $0.02: it sure looks like NIST is backstopping an attempt by the NSA to get everyone to standardize on cryptography #standards that the #NSA knows how to break.

Again.

Yes, they did it before. If you read up on the Dual_EC calamity and its fallout, and how this time it was supposed to be different - open, transparent, secure - then prepare to be disappointed. NIST is playing #Calvinball with their rules for this contest, yanking the rug out from under contenders that appear to be more #secure and better understood, while pushing alternatives that are objectively worse (#weaker encryption, less studied, poorer #performance).

Frankly, I think organizations outside of the #USA would be foolish to trust anything that comes out of #NIST's current work. Well, those inside the USA too, but some of those may be forced by law to use whatever NIST certifies.

[1] Some people think djb is "prickly", not lovable. Oddly, it seems that the only people who say this are those who are wildly incorrect about code/algorithms and are being gently but publicly corrected about by djb at the time

This week in #FDroid (TWIF) is live:

* #kitshn for #Tandoor update mixup
* #etchdroid 2.0 now w/ #MaterialDesign
* #KOReader for more devices
* fight #quantum with #Tuta #postquantum #email and #calendar
* 20 years of #git, get #forgejo and #gitnex
* #OrganicMaps community open letter
* #ToSDR to the rescue
+ 8 new apps
+ 92 updates
& 4 archived

Git clone this post: https://f-droid.org/2025/04/17/twif.html

Accelerating The Adoption of Post-Quantum Cryptography with PHP

https://paragonie.com/blog/2025/02/accelerating-adoption-post-quantum-cryptography

Published a minor update to my #postquantum #cryptography in #Java piece from yesterday: https://www.infoq.com/news/2024/12/java-post-quantum/

The AU government has announced similar rules, but they come in to force 5 years earlier than the US ones! #programming #quantum

Naughty or nice? Santa doesn’t need to know.

Tuta’s encrypted calendar keeps your events so private, even Santa stays in the dark.

IETF has a draft up for #PQC functionality baked into OpenPGP https://datatracker.ietf.org/doc/draft-ietf-openpgp-pqc/ #postquantum

Post-Quantum Cryptography in OpenPGP - an IETF draft

#openpgp #pgp #postquantum

https://datatracker.ietf.org/doc/draft-ietf-openpgp-pqc/

Post-quantum cryptography posts.

13.08.2024: NIST releases first three finalized PQC encryption standards.
Source: https://www.nist.gov/news-events/news/2024/08/nist-releases-first-3-finalized-post-quantum-encryption-standards

12.09.2024: GnuPG announces release of 2.5.1 for public testing, finalized PQC algorithms are supported.
Source: https://lists.gnupg.org/pipermail/gnupg-announce/2024q3/000485.html

PQC: https://en.wikipedia.org/wiki/Post-quantum_cryptography
GnuPG: https://mastodon.online/@blueghost/111974048270035570
Harvest now, decrypt later: https://mastodon.online/@blueghost/111357939714657018

Go ahead and start implementing these, folks. Maybe get some help from a friendly neighborhood cryptographer, though, so you don't set them up incorrectly; we've seen this a lot with the current batch of algorithms.

https://www.theregister.com/2024/08/14/nist_postquantum_standards/

Post-Quantum PASETO and PASERK specification proposals!

https://github.com/paseto-standard/paseto-spec/pull/36

https://github.com/paseto-standard/paserk/pull/22

New standards for post-quantum encryption adopted!

The US authority NIST has published groundbreaking standards for post-quantum cryptography. This technology will protect our data in a future where quantum computers could crack conventional encryption methods. An important step for cyber security!