"For developers, the change applies only to SSH remotes, leaving HTTPS operations unaffected. GitHub said existing key-exchange methods remain secure today but could be broken in the future by large-scale quantum computers. The hybrid model pairs the established X25519 elliptic-curve exchange with the Streamlined NTRU Prime algorithm to counter what it described as the "store now, decrypt later" risk. That concern is not unique to GitHub."
"Although large-scale quantum attacks remain theoretical, the mathematics are clear. Public-key systems such as RSA and ECC rely on problems like factoring or discrete logarithms that quantum algorithms such as Shor's could solve efficiently. In the SSH world, practitioners are already referencing the "harvest now, decrypt later" tactic as justification for acting early, as noted by SSH Communications Security. For most GitHub users, the transition has been seamless."
GitHub enabled a hybrid post-quantum SSH key-exchange algorithm, sntrup761x25519-sha512, on 17 September 2025 across GitHub.com and most Enterprise Cloud regions outside the US. The phased rollout means some SSH clients still negotiate legacy algorithms while regional updates finish; U.S. regions will follow later due to FIPS requirements. The change affects only SSH remotes; HTTPS remains unchanged. The hybrid pairs X25519 with Streamlined NTRU Prime to mitigate the 'store now, decrypt later' threat from future quantum computers. Industry bodies warn that quantum advances could undermine current public-key cryptography, prompting early protective measures.
Read at InfoQ
Unable to calculate read time
Collection
[
|
...
]