there's a post-quantum federated key service that #infosec may be interested in:
> FOKS provides a secure, end-to-end encrypted Git hosting service. [...] the server never sees data or filenames in unencrypted form. This means that even if the server is compromised, your data is safe. FOKS is federated [...]
> Additionally, FOKS uses modern PQ-secure public-key cryptography, so all end-to-end encrypted data is safe from quantum attacks.
Linux and InfoSec folks:
OpenSSH has released version 10. This is the first release with post-quantum algorithms.
At this time, source builds would have it. The only Distros I see releasing 10.0 builds are OpenSuse and Mandriva.
RHEL is still on the 9.x channel.
The SignServer Team is happy to announce the release of SignServer CE 7.1.1
Featuring NIST approved quantum-safe algorithms ML-DSA and SLH-DSA.
https://github.com/Keyfactor/signserver-ce/releases/tag/v7.1.1
Daniel J. Bernstein (#djb, to those who know and love him [1]) has a new blog entry about the NIST post-quantum #cryptography standardization process that's been ongoing for some years. Also, follow him @djb .
If you're not aware of some of the controversy about how NIST is running this process, it's a must-read.
https://blog.cr.yp.to/20250423-mceliece.html
My $0.02: it sure looks like NIST is backstopping an attempt by the NSA to get everyone to standardize on cryptography #standards that the #NSA knows how to break.
Again.
Yes, they did it before. If you read up on the Dual_EC calamity and its fallout, and how this time it was supposed to be different - open, transparent, secure - then prepare to be disappointed. NIST is playing #Calvinball with their rules for this contest, yanking the rug out from under contenders that appear to be more #secure and better understood, while pushing alternatives that are objectively worse (#weaker encryption, less studied, poorer #performance).
Frankly, I think organizations outside of the #USA would be foolish to trust anything that comes out of #NIST's current work. Well, those inside the USA too, but some of those may be forced by law to use whatever NIST certifies.
[1] Some people think djb is "prickly", not lovable. Oddly, it seems that the only people who say this are those who are wildly incorrect about code/algorithms and are being gently but publicly corrected about by djb at the time
This week in #FDroid (TWIF) is live:
* #kitshn for #Tandoor update mixup
* #etchdroid 2.0 now w/ #MaterialDesign
* #KOReader for more devices
* fight #quantum with #Tuta #postquantum #email and #calendar
* 20 years of #git, get #forgejo and #gitnex
* #OrganicMaps community open letter
* #ToSDR to the rescue
+ 8 new apps
+ 92 updates
& 4 archived
Git clone this post: https://f-droid.org/2025/04/17/twif.html
El lado del mal - Hamming Quasi-Cyclic (HQC-KEM): Nuevo Key-Encapsulation Mechanism en Post-Quantum Cryptography https://www.elladodelmal.com/2025/04/hamming-quasi-cyclic-hqc-kem-nuevo-key.html #PQC #Quantum #PostQuantum #HummingQuasiCiclic #HQC #KEM #Criptografía #Cifrado
The post-quantum era is closer than you think!
It’s time to tighten up that security hygiene and future-proof your organization’s data before quantum computing renders today’s encryption obsolete.
Here’s your crypto checklist:
Audit your encryption infrastructure
Automate certificate/key management
Educate teams on quantum risk
Pilot NIST’s post-quantum algorithms
Start now—retrofitting later will cost you
Quantum threats don’t wait. Neither should we.
#CyberSecurity #PostQuantum #Encryption #CISO #ITOps #QuantumComputing #CyberResilience
https://www.darkreading.com/vulnerabilities-threats/post-quantum-planning-security-hygiene
I’m at ICMC in Toronto this week, anybody else here?
This would probably get more action if I was on infosec.exchange… 
390 Millionen Euro für Cybersicherheitsprojekte – Jetzt informieren und vorbereitet sein!
Das #DigitalEurope Arbeitsprogramm mit dem Fokus #Cybersicherheit für 2025-2027 ist veröffentlicht. Das Programm gibt einen ersten Überblick zu den geplanten Förderungen u.a. #KI #PostQuantum #CSA etc. Erste Calls werden im 2. Quartal 2025 erwartet.
Als NKCS/NCC-DE beraten wir zu den Förderthemen und unterstützen bei der Vorbereitung.
Mehr Infos unter: https://cybersecurity-centre.europa.eu/news/eccc-finance-eur-390-million-cybersecurity-projects-under-digital-europe-programme-2025-2027-2025-03-28_en
Quantenangriffe und Seitenkanäle im Visier: Die @CybAgBund startet #SCA4PQC zur Entwicklung robuster Post-Quanten-Kryptographie. Mehr Infos zur Ausschreibung: https://t1p.de/b52np
#PostQuantum #CyberSecurity #Forschung
https://nachrichten.idw-online.de/2025/03/31/forschungsprogramm-sca4pqc-soll-seitenkanalresistente-post-quanten-kryptologie-entwickeln
SCA4PQC – die @Cyberagentur startet ein Forschungsprogramm zur Entwicklung seitenkanalresistenter Post-Quanten-Kryptographie. Ziel: Schutz vor Quantenangriffen und physischen Seitenkanalangriffen. Fokus: Cloud/Desktops, IoT und Smartcards. Forschung und Wirtschaft sind eingeladen.
Mehr Informationen: https://t1p.de/b52np
#PostQuantum #CyberSecurity #SCA4PQC #PostQuantumCrypto #SideChannel #ITSecurity #OpenScience
07.03.2025: GnuPG announces release of 2.5.5 for public testing, finalized PQC algorithms are supported.
Source: https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html
11.03.2025: NIST selects HQC as fifth algorithm for post-quantum encryption.
Source: https://www.nist.gov/news-events/news/2025/03/nist-selects-hqc-fifth-algorithm-post-quantum-encryption
PQC: https://wikipedia.org/wiki/Post-quantum_cryptography
GnuPG: https://mastodon.online/@blueghost/111974048270035570
Harvest now, decrypt later: https://mastodon.online/@blueghost/111357939714657018
Cryspen is heading to RWC in Sofia next week! 
We'll be presenting "Using Formally Verified Post-Quantum Algorithms at Scale" and our team will be on hand to discuss all things high assurance software and crypto. Oh, and we're sponsoring too!
NIST Selects HQC as Fifth Algorithm for Post-Quantum Encryption
12.02.2025: GnuPG announces release of 2.5.4 for public testing, finalized PQC algorithms are supported.
Source: https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000490.html
PQC: https://wikipedia.org/wiki/Post-quantum_cryptography
GnuPG: https://mastodon.online/@blueghost/111974048270035570
Harvest now, decrypt later: https://mastodon.online/@blueghost/111357939714657018
Accelerating The Adoption of Post-Quantum Cryptography with PHP
https://paragonie.com/blog/2025/02/accelerating-adoption-post-quantum-cryptography
14.01.2025: GnuPG announces release of 2.5.3 for public testing, finalized PQC algorithms are supported.
Source: https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000489.html
PQC: https://en.wikipedia.org/wiki/Post-quantum_cryptography
GnuPG: https://mastodon.online/@blueghost/111974048270035570
Harvest now, decrypt later: https://mastodon.online/@blueghost/111357939714657018
wooohoooo, just discovered pqconnect in the #debian NEW queue: https://ftp-master.debian.org/new/pqconnect_1.2.1-1.html
@jas and Jan Mojžíš doing the good work.
habemus pqconnected sphinx server \o/
