OpenSSH 9.9 Released

By

This release supports a post-quantum key exchange method.

The OpenSSH team has released version 9.9 of the secure remote login tool with many updates and new features.

A significant feature of this release is support for a new post-quantum hybrid key exchange method. These key exchange methods are defined for use in the SSH Transport Layer Protocol in this IETF document, which notes that “the cryptographic security of key exchanges relies on certain instances of the discrete logarithm problem being computationally infeasible to solve.” However, the capabilities of large quantum computers could render “the current key exchange and authentication methods in SSH insecure.”

To address this future problem, OpenSSH 9.9 “adds support for a new hybrid post-quantum key exchange based on the FIPS 203 Module-Lattice Key Encapsulation Mechanism (ML-KEM) combined with X25519 ECDH,” as described in the IETF document.

This release also disables the DSA signature algorithm by default at compile time. This move is a precursor to the team’s plans to remove support for the algorithm altogether in early 2025. “DSA, as specified in the SSHv2 protocol, is inherently weak, being limited to a 160-bit private key and use of the SHA1 digest,” the announcement says.

Read about other features and bug fixes at OpenSSH.
 
 

 
 
 

10/03/2024

Related content

comments powered by Disqus