The danger of RSA keys (yet again)
If you're serious about security you should stop using them right now!
This is not the first time we have issued a warning about the danger of using RSA keys; we have covered it in past articles.
Well, what we warned you about has happened: Chinese researchers have successfully broken RSA encryption with a quantum computer.
Understanding the Quantum Threat
Quantum computers, with their ability to perform certain specific types of complex calculations at unprecedented speeds, have the potential to break many of the encryption algorithms we rely on today. This now officially includes the widely-adopted RSA.
The "Harvest Now, Decrypt Later" (HNDL) Dilemma
One of the most concerning aspects of this quantum threat is the concept of "Harvest Now, Decrypt Later" (HNDL) attacks. In these scenarios, malicious actors are already collecting vast amounts of encrypted data, with the intention of decrypting it once quantum computers become powerful enough to break current encryption methods.
This means that sensitive data transmitted today could be at risk of exposure in the future, even if it's currently considered secure. The implications are far-reaching, potentially affecting everything from personal financial information to corporate trade secrets and national security data.
Why RSA Keys Are Vulnerable
RSA encryption, while still secure against classical computing attacks, is particularly vulnerable to quantum algorithms. Once sufficiently powerful quantum computers become available, they will be able to break RSA encryption in a matter of hours or even minutes, as now proven beyond any reasonable doubt by the above-mentioned research team.
The Urgency of Action
The development of practical quantum computers capable of breaking current encryption is still (possibly) a few years away. However, the HNDL threat means we can't afford to wait. Data encrypted today using vulnerable methods like RSA could be decrypted in the future, potentially exposing sensitive information long after it was thought to be secure.
Switch to Ed25519 today!
Syncplify Server! already provides (and has done so for years!) a robust alternative to RSA keys: Ed25519. This elliptic curve algorithm offers several advantages:
Quantum resistance: Ed25519 is considered more resilient against quantum attacks than RSA.
Smaller key sizes: Ed25519 keys are much smaller than RSA keys, offering equivalent security with less computational overhead.
Faster operations: Ed25519 provides faster signing and verification operations compared to RSA.
A Call to Action for Syncplify Users
Given the looming quantum threat and the risks associated with HNDL attacks, we strongly urge all Syncplify users and customers to take the following steps:
Stop using RSA keys as host keys and for PKI authentication.
Transition to Ed25519 keys as soon as practically possible.
Audit your systems to identify any remaining RSA keys and develop a plan to replace them.
Stay informed about developments in post-quantum cryptography and be prepared to adopt new standards as they emerge.
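One way to carry out the audit step above for keys stored in OpenSSH public-key format (authorized_keys or .pub lines), as an added example that is not Syncplify's own code: it decodes each key blob and reports every ssh-rsa key with its modulus size, even when options precede the key. The file format, the function names and the sample lines (placeholder values, not real keys) are assumptions made here.

```python
import base64
import struct

def read_string(blob, offset):
    """Read one length-prefixed field (RFC 4251 string/mpint) from a key blob."""
    (length,) = struct.unpack_from(">I", blob, offset)
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end

def inspect_key(line):
    """Return (algorithm, rsa_modulus_bits or None), or None if no key is found."""
    fields = line.split()
    # Options may come first: find the blob whose embedded name matches the prior field.
    for i in range(1, len(fields)):
        try:
            blob = base64.b64decode(fields[i], validate=True)
            algo, offset = read_string(blob, 0)
            if algo.decode("ascii", "replace") != fields[i - 1]:
                continue
            if algo != b"ssh-rsa":
                return fields[i - 1], None
            _exponent, offset = read_string(blob, offset)
            modulus, _ = read_string(blob, offset)
        except (ValueError, struct.error):
            continue  # not base64, or a malformed/truncated blob
        return "ssh-rsa", int.from_bytes(modulus, "big").bit_length()
    return None

def rsa_findings(lines):
    """Return [(line_number, modulus_bits)] for every RSA key in the input."""
    found = ((n, inspect_key(line)) for n, line in enumerate(lines, 1))
    return [(n, key[1]) for n, key in found if key and key[0] == "ssh-rsa"]

def sample_line(algo, *parts, options=""):
    """Build a constructed key line (placeholder values, not a real key)."""
    blob = b"".join(struct.pack(">I", len(p)) + p for p in (algo.encode(), *parts))
    return f"{options}{algo} {base64.b64encode(blob).decode()} constructed@example"

MODULUS = b"\x00" + ((1 << 2047) | 1).to_bytes(256, "big")  # 2048-bit placeholder
SAMPLE = [
    sample_line("ssh-rsa", b"\x01\x00\x01", MODULUS),
    sample_line("ssh-ed25519", bytes(32)),
    sample_line("ssh-rsa", b"\x01\x00\x01", MODULUS[:129], options='command="echo hi" '),
]

if __name__ == "__main__":
    print(rsa_findings(SAMPLE))
```

To audit a real file, pass its lines to rsa_findings(), for example rsa_findings(open(path)).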
By taking these steps now, you can significantly enhance your security posture and reduce the probability of being among the first victims when these attacks inevitably become widespread. Do not wait – the time to act is now.