Where do you see crypto heading in the next 10 years? What’s currently on wolfSSL’s roadmap?
Post-Quantum Computing (PQC) cryptographic algorithms are the biggest thing on our radar (See our updates on post-quantum wolfSSH and post-quantum cURL!). We have started with adding the Key Exchange algorithms from liboqs into our TLS implementation, as well as working on an optimized implementation of NTRU. wolfSSL now supports the round 3 finalist KEM algorithms of the NIST PQC competition which are appropriate for TLS 1.3. This means that everyone can experiment with the new up and coming algorithms that will be standardized.
Signatures are more of a problem in the context of TLS, since the CA infrastructure needs to be updated to issue certificates using the PQC algorithms before they can be used.
At the moment, it seems as though all the post-quantum algorithms have disadvantages that make it difficult to drop one in without impact. Some are too slow, while others require too much data to be sent over the wire. Embedded is even harder!
DTLS 1.3 is also on our roadmap further down the line – the specification is done but not published as an RFC yet.
Advice for people who are looking to build security apps or develop secure networking processes?
- Use TLS 1.3. All major browsers, and 47.8% of the most popular web sites, support TLS 1.3.
- Use well known algorithms like AES-GCM, SHA-2, (EC)DH, RSA and ECDSA.
- Use secure, well supported protocols like TLS 1.2 and TLS 1.3, and DTLS 1.2.
- Be prepared to change to new PQC secure algorithms. Quantum computers aren’t possible yet, but when they are, attackers can go back and decrypt old messages.
- Be prepared to sign with two signatures, first with an existing algorithm like RSA or ECDSA, and secondly with a new PQC secure algorithm. The first signature can be verified quickly right now, and the second later, if and when quantum computers come online.
- Keep your private keys safe – in hardware where possible.
For more, check out our interview with ExpressVPN!
Need more? Subscribe to our YouTube channel for access to wolfSSL webinars!
Love it? Star us on GitHub!