"GitHub is introducing a hybrid post-quantum secure key exchange algorithm for SSH access when interacting with Git over SSH. The new algorithm, sntrup761x25519-sha512 (also known as sntrup761x25519-sha512@openssh.com), combines Streamlined NTRU Prime (a post-quantum cryptography scheme) with the classical curve X25519. This change aims to safeguard Git data against potential future threats from quantum computers that might decrypt SSH sessions recorded today."
"This update affects connections via SSH endpoints for Git data (not HTTPS) and rolled out starting September 17, 2025, for GitHub.com and non-US GitHub Enterprise Cloud regions. The US region is excluded initially because stricter FIPS cryptographic standards apply there, and the new algorithm isn't yet FIPS-approved. GitHub Enterprise Server 3.19 will also include the new post-quantum option. For those unfamiliar, Post-quantum cryptography (PQC) refers to a new class of cryptographic algorithms designed to withstand attacks from quantum computers."
GitHub is adding sntrup761x25519-sha512, a hybrid key-exchange combining Streamlined NTRU Prime and X25519, to protect Git over SSH. The algorithm protects recorded SSH sessions from future quantum decryption. Deployment began September 17, 2025 for GitHub.com and non-US GitHub Enterprise Cloud regions. The US region is excluded initially due to FIPS requirements and pending FIPS approval. GitHub Enterprise Server 3.19 will include the post-quantum option. Post-quantum cryptography (PQC) relies on lattice and other problems resistant to quantum attacks. Hybrid modes combine classical and PQ algorithms to preserve interoperability while improving future security. NIST-led standardization efforts guide adoption of such algorithms.
Read at InfoQ
Unable to calculate read time
Collection
[
|
...
]