Post-quantum security for SSH access on GitHub
- GitHub is introducing post-quantum secure key exchange methods for SSH access to enhance Git data security.
- The new algorithm, sntrup761x25519-sha512, combines Streamlined NTRU Prime with classical Elliptic Curve Diffie-Hellman for quantum-resistant security.
- This update affects SSH access only, not HTTPS, and excludes GitHub Enterprise Cloud in the US region due to FIPS compliance.
- The change aims to protect against 'store now, decrypt later' attacks, in which traffic recorded today is decrypted later by a future quantum computer.
- Rollout begins on September 17, 2025, for GitHub.com and GitHub Enterprise Cloud (except US); the change is also included in GitHub Enterprise Server 3.19.
- Most users with OpenSSH 9.0+ will automatically use the new algorithm; older clients will fall back to existing methods.
- Users can check whether their SSH client supports the new algorithm with `ssh -Q kex`, and see which algorithm a connection actually negotiates in the output of `ssh -v`.
- GitHub will continue monitoring and updating its security offerings as new post-quantum algorithms emerge.
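
The two client checks above can be scripted. The following is an added example, not code from GitHub: the function names and the sample outputs are constructed for illustration, and it assumes OpenSSH's `debug1: kex: algorithm:` line in `ssh -v` output and the `@openssh.com`-suffixed spelling of the algorithm name that OpenSSH also lists.

```shell
#!/bin/sh
# Added example: classify an SSH client's post-quantum key exchange support.
# PQ_KEX is the algorithm named on this page; OpenSSH also lists it with an
# "@openssh.com" suffix, so both spellings are accepted.
PQ_KEX='sntrup761x25519-sha512'

# Reads `ssh -Q kex` output on stdin; succeeds if the client offers PQ_KEX.
client_supports_pq() {
    grep -Eqx "${PQ_KEX}(@openssh\.com)?"
}

# Reads `ssh -v` output on stdin; prints the negotiated key exchange algorithm.
# Carriage returns are stripped because debug lines can end in CRLF on a tty.
negotiated_kex() {
    tr -d '\r' | sed -n 's/^debug1: kex: algorithm: \(.*\)$/\1/p' | head -n 1
}

# Prints "post-quantum", "classical" or "unknown" for `ssh -v` output on stdin.
classify_session() {
    kex=$(negotiated_kex)
    case "$kex" in
        "$PQ_KEX"|"${PQ_KEX}@openssh.com") echo "post-quantum" ;;
        "") echo "unknown" ;;          # no key exchange line found
        *) echo "classical" ;;         # fallback to an existing method
    esac
}

# Constructed sample inputs (not captured from a real host).
SAMPLE_KEX_LIST='curve25519-sha256
curve25519-sha256@libssh.org
ecdh-sha2-nistp256
sntrup761x25519-sha512@openssh.com'
SAMPLE_VERBOSE_PQ='debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: sntrup761x25519-sha512@openssh.com
debug1: kex: host key algorithm: ssh-ed25519'
SAMPLE_VERBOSE_OLD='debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519'

printf '%s\n' "$SAMPLE_KEX_LIST" | client_supports_pq && echo "client offers $PQ_KEX"
printf '%s\n' "$SAMPLE_VERBOSE_PQ" | classify_session
printf '%s\n' "$SAMPLE_VERBOSE_OLD" | classify_session
```

Against a real client, pipe `ssh -Q kex` into `client_supports_pq` and the combined stdout and stderr of an `ssh -v` session into `classify_session`; a "classical" result on a client that offers the algorithm points to a configuration or server-side restriction on key exchange methods.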