You might already know a lot about the quantum threat, or you might just have heard of it. You might know that there are remedies that would make you quantum-safe. However, you might not know that there is a wide variety of alternatives. Which one is the right one for your organization? Let’s find out.
Quantum cryptography sounds like a perfect solution. You use novel quantum mechanical phenomena to transmit your message and guarantee its safety. Take Quantum Key Distribution as an example. You build a dedicated link between two computers, and the message you transmit is not only perfectly safe, but it’s also tamper-proof since any third party intercepting and reading the encrypted data would also destroy it and make it unreadable.
However, the downsides are also obvious. You do need a new physical link (fiber cables or line of sight) and expensive quantum-capable hardware at both ends of the communication. Your cybersecurity costs go through the roof while you focus on protecting an individual data link, and the rest of the system stays vulnerable. Not so ideal after all.
Post-Quantum Cryptography (PQC) is much easier. Utilizing existing communications hardware and protocols like SSH or TLS, PQC includes new, more robust algorithms to replace the part in a public key cryptosystem that is the most vulnerable against the quantum threat: the asymmetric key exchange. Implementations are easy to deploy and configure and cost a fraction of a quantum cryptography system. However, they still do their job of protecting against the quantum threat and let your organization continue its business as usual.
This is true for practically all financial, logistics, healthcare, and government organizations, which all handle data that is critical for the survival of the organization.
For securing your SSH/SFTP communications, we recommend SSH Tectia Quantum-Safe Edition. Fully compatible with Tectia Client/Server and the most relevant third-party implementations, it provides a set of post-quantum algorithms recommended by NIST (US) and BSI (Germany). We practice Crypto Agility: as a subscriber, you always have the most relevant recommended encryption algorithms in use by default.