- Microsoft has new protections against quantum energy attacks
- These updates reach Windows and Linux
- The new tools will continue to evolve to try to match the threat capabilities
Currently, quantum computers only exist within specialized laboratories, but it is generally understood that this will not be the case for a long time, and technology could soon be introduced into several different industries such as finance, cybersecurity and even medicine.
The evolution in quantum computing presents new challenges for cybersecurity teams, with technology theorized to have the potential to break the encryption and “interrupt contemporary cryptographic algorithms,” Microsoft warned.
To address this, Microsoft is introducing a “significant milestone” in the Tourter Tour of Quanto (PQC) causing the PQC capabilities to be available for Windows Insiders, Canary Channel Build 27852 and Linux, and Linux, Symcrypt-Apensl Version 1.9.0.
Symcrypt additions
This means that customers can start experimenting with PQC “within their operational environments.”
For Windows, Microsoft is bringing ML-Kem and ML-DSA for Windows Insids through updates to cryptography API libraries: Next Generation (CNG), as well as certificate and cryptographic messages.
This aims to help developers prepare for “harvest attacks now, decipher later.” The changes correspond to the NIST standardized algorithms, but will be developed and will continuously update to meet the new requirements.
New changes in Linux have also been introduced, with updates for programmers to use the OpenSSL API surface fed by Symcrypt cryptographic operations. Version 1.9.0 will allow developers to play with TLS Hybrid Key Exchange to prepare for future threats.
“PQC algorithms are relatively new, and it is prudent not to consider the initial generation of PQC algorithms as the definitive solution, but see this as an evolving field,” explains Microsoft.
“This underlines the importance of” cryptographic agility “that implies the design of solutions to be more resistant to the use of different algorithms and/or updateables to use future algorithms as PQ standards evolve.”
Researchers believe that quantum computing could be the “greater security threat of all time” and capable of breaking the most difficult existing encryptions, so security updates will be very necessary for software companies as technology develops.
