> I don't think OpenBSD wants to "profile itself" as anything.

Really?

"Our efforts emphasize portability, standardization, correctness, proactive 
security and integrated cryptography."

Don't you think the above statement signifies profiling?

IMHO, proactive security could very well include the idea of implementing 
post-quantum cryptography, in order to make the OS immune to the quantum 
computing era we're soon about to enter.

> Are post-quantum algorithms well reviewed and stable enough to be worth
> using as defaults for OpenBSD full disk encryption, OpenSSH,
> LibreSSL...?

Did you read the Wikipedia article I linked in my original e-mail?

"In contrast to the threat quantum computing poses to current public-key 
algorithms, most current symmetric cryptographic algorithms and hash functions 
are considered to be relatively secure against attacks by quantum 
computers.[2][7] While the quantum Grover's algorithm does speed up attacks 
against symmetric ciphers, doubling the key size can effectively block these 
attacks.[8] Thus post-quantum symmetric cryptography does not need to differ 
significantly from current symmetric cryptography."

In other words, since Grover's algorithm 
(https://en.wikipedia.org/wiki/Grover%27s_algorithm) mostly affects asymmetric 
cryptography, in many areas the only change / enhancement needed is to use long 
enough encryption keys. This would apply to, for example, OpenBSD hard drive 
encryption.

> Do you or anyone else have the expertise to implement them?

Yes, I have: by simply choosing to use longer keys than before in symmetric 
cryptography.

It seems to me you assume post-quantum cryptography means jumping to using some 
new, fringe algorithms. As explained in the Wikipedia article, that is not the 
case at least when it comes to symmetric encryption.

And when it comes to asymmetric algorithms used, for example, by TLS, even 
there many people and some rather influential organizations are already working 
to find solutions -- for example:

"Initially, NIST selected 82 candidates for further consideration from all 
submitted algorithms. At the beginning of 2019, this process entered its second 
stage. Today, there are 26 algorithms still in contention" 
https://blog.cloudflare.com/towards-post-quantum-cryptography-in-tls/

"The Transport Layer Security (TLS) protocol is one of the most widely-used 
security protocols in use today; it protects the information exchanged between 
web clients and servers all around the world. TLS is secure against today’s 
classical computers, however as its security relies in part on asymmetric 
cryptography, TLS is unfortunately vulnerable to attacks in the future from 
quantum computers." 
https://www.microsoft.com/en-us/research/project/post-quantum-tls/


Use Google.

https://scholar.google.com.ph/scholar?hl=en&q=post+quantum+cryptography+algorithms

-j.
--
+358-404-177133 (WhatsApp)
jyri.hov...@turvamies.fi
