The latest version of Google Chrome It is causing quite a headache for anyone who establishes secure connections with remote web servers, firewalls, servers and other devices. The difficulties, according to initial checks, have to do with the integration of support at the Web browser level of thepost-quantum algorithm X25519Kyber768.
These types of cryptographic algorithms they are designed to resist attacks from future quantum computers. While traditional cryptographic algorithms, such as those based on prime factors or the discrete logarithm, could be vulnerable to the action of as much as a computer (we talk about it in the article focused on RSA security), post-quantum cryptographic algorithms aim to provide an adequate level of security to also neutralize attacks from systems that use the quantum properties of matter.
Post-quantum cryptographic algorithms are still being developed and standardized, but are considered crucial to ensuring security. communications security in the era of quantum computers. That the situation is evolving is confirmed, for example, by the emblematic case of a famous post-quantum algorithm which on the one hand provided protection against attacks based on quantum computing but which on the other hand was defeated by using a simple “old-fashioned” Intel Xeon processor.
Introducing a post-quantum algorithm to Chrome and Edge
In August 2023, Google began evaluating support for some post-quantum cryptographic algorithms in Chrome. Kyber768 it is used, for example, to exchange encryption keys in connections TLS 1.3 e WHO.
As the technicians of the Mountain View company explain, prematurely enabling support for Kyber768 aims to protect users from attacks of the “store now, decrypt later“. This expression refers to the approach used by some cyber criminals who they collect Today encrypted information with the aim of decoding them in the future when quantum technologies are accessible on a larger scale.
Among the companies that are organizing themselves for the future, there are companies such as Google, Apple and Signal.
With the release of the updated version of Chromium, both Chrome 124 That Edge 124 have started to highlight connection problems with some devices protected through the use of HTTPS.
Future-looking data encryption doesn’t make devices used in the present work
Several IT administrators, struggling with appliance security, middleware, firewall, different networking devices vendorhave started reporting the inability to access their respective configuration panels via the web, both using Chrome 124 and Edge 124.
Immediately after starting the TLS connection (Transport Layer Security), this is prematurely interrupted once the phase is completed handshake.
The underlying problem is that not only the connection based on the algorithm Kyber768 is rejected, but client and server do not agree on the fallback on a more traditional protocol.
In case of difficulty, users can disable support for post-quantum encryption by typing chrome://flags/#enable-tls13-kyber in your browser’s address bar and clicking on Disabled the corresponding setting.
At this point, it is likely that both the Chrome and Edge developers will deactivate it Kyber768 awaiting targeted intervention. More information is available on the tldr.fail website, created to illustrate the problem.