12Oca
Is OpenSSH currently secure against quantum computer attacks in future?
When I use the latest OpenSSH with default settings (which afaik uses mlkem768x25519-sha256 or at least sntrup761x25519-sha512) and an attacker records all the traffic (key-exchange and the payload during the ssh-session) for a record-now-and-decrypt-later-approach, will the attacker will be able to decrypt this traffic with quantum computers in some years (according to current knowledge)?
Or is the usage of the algorithms which are implemented today in OpenSSH now already considered as secure enough for future quantum computers?
OpenSSH writes in their changelog:
The NTRU algorithm is believed to resist attacks enabled by future quantum computers
and in another changelog entry they call mlkem768
a new hybrid post-quantum key exchange
