SPN does not yet support PQC #1598
Greetings and welcome to our community! As this is the first issue you opened here, we wanted to share some useful infos with you:
Hey @Kreyren, Thank you for raising your concerns. SPN definitely uses state of the art encryption. PQC is still experimental. While NIST has selected four algorithms for standardization in 2022 - CRYSTALS-Kyber, CRYSTALS-Dilithium, SPHINCS+, and FALCON - none of them are standardized yet. Three of them have draft standards. None of them are available in the golang stdlib. Apart from that, practical quantum computers are still at least 10-30 years away. If your network traffic is worth saving 10 years and then paying for computation on a quantum computer "just in case", then whoever is targeting you has enough money to target you in other, faster, more practical, and cheaper ways. As soon as PQC is standardized and available, we will put it on the roadmap.
NTRU was developed in 1996 and the European Union recommended it on 7th September 2015 in PQCRYPTO https://pqcrypto.eu/docs/initial-recommendations.pdf and beyond the EU standardization it's standardized in IEEE Std 1363.1 and X9.98 and implemented by OpenSSH, WolfSSH, Lokinet, BouncyCastle, etc.
Willful misinformation: Atom Computing has 1225-Qubits already, Cleveland Clinic uses their quantum computer for healthcare research and most importantly IBM's Senior Vice President and Director of Research Dario Gil claims that there are no obstacles to get quantum computers with +100K qubits in 5 years.
That's apparently what NSA and their data center in Utah is doing to everyday people as reported by Forbes https://www.forbes.com/sites/netapp/2013/07/26/nsa-utah-datacenter with capacity to hold estimated exabytes of storage harvested through their global surveillance programs such as those explained by Edward Snowden during his interview by John Oliver on Last Week Tonight S2E8: https://youtu.be/SgTQDp1jwBw?t=2082 Because of that we can sanely claim that objectively that fits everyone's threat model. It's frankly alarming that you are the lead developer of SPN and yet are apparently this misinformed on the critical subjects and refuse to take this subject with the seriousness it deserves which is enough for me to want to disqualify SPN for its use in NiXium.
It seems we have different views on this.
SPN claims to be coming with a state of the art encryption yet seems to be lacking any kind of management for Post Quantum Safety as it's apparently not using a Post Quantum Safe encryption and it's unclear who runs the SPN nodes to probably sanely claim that it's also lacking management for Harvest Now, Decrypt Later to claim that all traffic sent over SPN is at a high risk of being collected and decrypted in the future. So it seems that you are not really solving any problems with VPN and seemingly adding problems as e.g. WireGuard can be configured to use a post-quantum safe cryptography to manage this problem.
Please fix that, the idea of SPN seems good on paper and I would like to use it for our infra in https://github.com/NiXium-org/Nixium to provide clearweb services that do not expose the location of the server to the SPN service provider or anyone who's trying to locate the IP.
Referencing for details: FiloSottile/age#578
P.S: Cut out the marketing bullshit, it makes you seem like a glowie instead of someone who's serious about privacy and security to the point that the majority of people I talked to about SPN didn't want to use it as it seems too suspicious.