November 21, 2022

Why Quantum-Safe Privileged Access Management Matters

Quantum computers already exist and their efficiency is increasing. While they promise great advances for the medical, biotech, and materials industries, to name a few, sooner or later they will also put classical cryptography in danger. Without going into details, the tried-and-true method of adding more bits to the encryption algorithms to make them more secure won’t protect classical encryption from attacks powered by sufficiently efficient quantum computers.

Encrypted traffic that has long-term value is being captured as we speak. When a cryptographically relevant quantum computer is available, it can break classical encryption, leaving valuable information like diplomatic, financial, trade, government and military secrets exposed.

This attack method is called “Harvest now, decrypt later”, and it makes the Quantum Threat a serious concern for all encrypted traffic of long-lasting value.

The time to start using post-quantum cryptography algorithms is now. Any session granting access to secrets of permanent value should be protected by quantum-safe algorithms, and this also applies to privileged access management.

The good news is that we can make it work with existing protocols, like the Secure Shell (SSH). This is why we at SSH introduced a set of hybrid key exchange algorithms (KEX) for the SSH protocol, allowing you to establish quantum-safe privileged connections to highly critical targets. Even if someone were to capture these sessions, their encryption cannot be broken by quantum computers.

Our hybrid PAM PrivX supports the following quantum-safe SSH KEX algorithms for connections: 

  • ecdh-nistp521-kyber1024-sha512@ssh.com
  • curve25519-frodokem1344-sha512@ssh.com
  • sntrup761x25519-sha512@openssh.com

We've had the honour to lead the collaboration with the Finnish authorities and other stakeholders in developing quantum-secure encryption in the PQC Finland project.

We introduced our quantum-safe line encryptor solution NQX years ago and made secure remote access, application-to-application tunnelling, and file transfers quantum-safe last year with Tectia.

It was only a logical step to develop quantum-safe privileged access management. 

 Learn more about our scalable, efficient, and highly-automated PAM PrivX. 

 

Jani Virkkula

Currently employed by SSH.COM as Product Marketing Manager, Jani is a mixed-marketing artist with a strong background in operator and cybersecurity businesses. His career path of translator -> tech writer -> marketer allows him to draw inspiration from different sources and gives him a unique perspective on all types...
