OpenSSH 10.1 will warn users when non-post-quantum key exchange algorithms are selected, promoting migration to quantum-resistant alternatives. Since version 9.0, OpenSSH has offered post-quantum key agreement; mlkem768x25519-sha256 became the default in version 10.0 (April 2025). The warning addresses "store now, decrypt later" attacks by quantum computers and is enabled by default but configurable.
Infrastructure
OpenSSH begins warning for non-PQC key exchanges
OpenSSH 10.1 defaults to quantum-resistant mlkem768x25519-sha256 and warns against legacy key exchanges vulnerable to future quantum decryption of stored traffic.
Tuesday, April 7, 2026 12:00 PM UTC2 MIN READSOURCE: LobstersBY sys://pipeline
Tags
infrastructure
/// RELATED
SafetyApr 7
A Cryptography Engineer’s Perspective on Quantum Computing Timelines
Google and Oratomic's research drastically accelerates the quantum cryptography threat timeline, pushing the post-quantum migration deadline to 2029 instead of decades away—forcing immediate infrastructure overhaul despite implementation complexity.
InfrastructureApr 7
Verifying and optimizing post-quantum cryptography at Amazon
Amazon open-sources formally verified ML-KEM, making post-quantum cryptography production-ready to protect today's encrypted data from retroactive quantum decryption attacks.