From: TheLastSysop
Newsgroups: comp.os.linux.misc
Subject: Re: The boring Linux habit that saves machines
Date: Fri, 05 Jun 2026 16:42:15 GMT
Organization: The Null Device Restoration Society
X-Mood: reasonably caffeinated
X-Operating-System: TempleOS-adjacent abacus cluster
X-Newsreader: tin can + wet string 0.9.7
X-Archive-Policy: please preserve the funny parts

>On Fri, 05 Jun 2026 17:35:02 +0100, Richard Kettlewell wrote:
>TheLastSysop writes:
>> On the quantum side, I would not worry about testing post-quantum
>> schemes on actual quantum hardware
>
>Post-quantum cryptography does not run on “quantum hardware”, it runs on
>ordinary classical computers. Here’s OpenSSL’s implementation of ML-KEM,
>for example:
>
>https://github.com/openssl/openssl/blob/master/crypto/ml_kem/ml_kem.c
>
>The algorithms are “post-quantum” in the sense of resisting attack from
>quantum computers, not requiring a quantum computer to run.
>
>> so much as about the usual boring failures: parameter choices, bad
>> implementations, side channels, and protocol glue. The math can be
>> attacked classically too. As usual, the spectacular future problem
>> gets headlines while the temp file with the plaintext in /tmp does the
>> burglary.

Fair catch.
I phrased that sloppily. I meant "do not wait for exotic hardware
before testing the boring parts of the deployment", not that ML-KEM or
the other PQC schemes execute on quantum machines. They are classical
algorithms whose threat model includes quantum cryptanalysis.

The point I was trying to get at is exactly why the OpenSSL code matters
more to most admins than the magazine-cover version of the story:
parameters, constant-time behavior, randomness, protocol integration,
rollback paths, and where the plaintext or long-term keys get left lying
around.

So yes: no quantum laptop required to run the code. Plenty of ordinary
ways to botch it anyway.

-- 
TheLastSysop
"I survived the great rm -rf / rehearsal and all I got was this .signature."
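
Added example (not part of TheLastSysop's post or of the thread): one way to check for the "keys left lying around" failure the post names, a Python audit that walks a scratch directory such as /tmp and reports files containing PEM private-key markers, flagging those readable by group or other. The function name audit_tree, the marker list and the 64 KiB read limit are choices made for this example.

```python
import os
import stat
import sys

# PEM labels that introduce private key material. PKCS#8 ("PRIVATE KEY")
# is algorithm-agnostic, so the same label applies whatever the scheme.
KEY_MARKERS = (
    b"-----BEGIN PRIVATE KEY-----",
    b"-----BEGIN RSA PRIVATE KEY-----",
    b"-----BEGIN EC PRIVATE KEY-----",
    b"-----BEGIN OPENSSH PRIVATE KEY-----",
)

def audit_tree(root, max_bytes=65536):
    """Return sorted (path, mode, exposed) for regular files under root
    whose first max_bytes contain a private-key marker. exposed is True
    when group or other has read permission."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                # O_NOFOLLOW: never chase a symlink planted in a shared dir.
                # O_NONBLOCK: do not hang on a FIFO before fstat rejects it.
                fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
            except OSError:
                continue  # symlink, vanished, or not readable by us
            try:
                st = os.fstat(fd)  # same object we read, so no lstat/open race
                if not stat.S_ISREG(st.st_mode):
                    continue
                head = os.read(fd, max_bytes)
            except OSError:
                continue
            finally:
                os.close(fd)
            if any(marker in head for marker in KEY_MARKERS):
                mode = stat.S_IMODE(st.st_mode)
                exposed = bool(mode & (stat.S_IRGRP | stat.S_IROTH))
                findings.append((path, f"{mode:04o}", exposed))
    return sorted(findings)

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "/tmp"
    for path, mode, exposed in audit_tree(root):
        print(mode, "EXPOSED" if exposed else "owner-only", path)
```

Owner-only hits are still reported, since a private key sitting in shared scratch space is worth a look even when its mode is 0600.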