Post-Quantum Cryptography, OpenSSH, & s1ngularity supply chain attack
This week in security: PQC by default, and a supply-chain gut check. At F5, we are publishing a forward‑looking series of blog posts which help security and IT leaders anticipate tomorrow’s risks and capitalize on emerging tech. Think of it as a field guide to future threats—and how to stay resilient as they arrive. We are about half way through the series, here are some of the highlights from my point of view.What is Quantum Computing?
Quantum computing represents a significant shift in information processing. It leverages the principles of quantum mechanics to solve problems far beyond the capabilities of classical computers. Unlike classical computers, which use bits to represent either 0 or 1, quantum computers use qubits. This enables them to exist in multiple states simultaneously through superposition. Additional quantum properties like entanglement and quantum interference further enhance computational efficiency, making quantum systems uniquely equipped to tackle complex, intractable problems. This breakthrough has profound implications for cryptography. Many classical cryptosystems, such as RSA and ECC, rely on mathematical problems that are easy to compute but difficult to reverse without a secret key. Quantum algorithms like Shor’s Algorithm can solve these problems quickly. This makes traditional encryption vulnerable to quantum-based attacks. Similarly, Grover’s Algorithm increases the speed of brute-force searches, halving the effective security of symmetric cryptographic algorithms like AES. Quantum computing has caused the need for new cryptography systems. These systems are designed to protect against attacks from quantum computers. Notably, these systems don’t require quantum properties themselves; instead, they employ mathematical techniques robust against quantum algorithms. For example, lattice-based cryptography is considered one of the most promising approaches for ensuring future-proof security. As quantum computing capabilities progress, experts warn that classical encryption methods may soon reach the end of their "cryptographic cover time," the duration during which encrypted data remains secure. Data intercepted today could be decrypted retroactively by adversaries when quantum threat models mature—a concept referred to as "harvest now, decrypt later." This underscores the urgency of transitioning to quantum-resistant technologies. Post-quantum cryptographic algorithms, combined with hybrid approaches in protocols like TLS, can protect sensitive communications from future quantum threats. Given estimates that functional quantum computers capable of breaking RSA-2048 could emerge within the next decade, governments and organizations are advised to begin implementing these technologies now to ensure long-term data security. For a deeper exploration of quantum computing and its cryptographic implications, read the full F5 Labs article.The State of Post-Quantum Crypto (PQC) on the Web
Introduction No one knows exactly when Q-day will arrive, but recent developments have seen the estimated number of Q-bits required to crack traditional encryption plummet from 1 billion in 2012, to 20 million in 2019, to just 1 million as of May 2025.2 Since Google is now predicting that sufficiently powerful quantum computers may be here by 2030, it may already be too late for many organizations to deploy post-quantum cryptography (PQC) to protect their web applications. READ THE FULL REPORT HERE Q-Day Arrival There is a growing disconnect between the rapid pace of advancements in quantum computing and the priority to which CISOs assign to the associated risk. Recent predictions now estimate the arrival of Q-Day (the date when quantum computers become powerful enough to break widely used public key cryptography) will happen as early as 2029. Yet, according to the ISACA Pulse of Quantum Computing poll, only 5% of CISOs say that post-quantum cryptography (PQC) is a ‘high business priority’ for the near future. 1 This report evaluates the current state of PQC adoption among the world’s top 1 million websites and the most commonly used web browsers and devices. Among the top one million websites, only 8.6% support hybrid PQC key exchange mechanisms. This reflects a broad hesitancy to transition and, more worryingly, 25% of websites still do not support TLS 1.3 at all, with 16% failing to implement quantum-resistant symmetric ciphers. Conversely, PQC adoption is more visible among the world’s most popular sites, with 42% of the top 100 supporting it, though this figure drops to 26% for ranks 100–200, and averages just 21.9% across the top 1,000. Support falls further to 13.9% for the top 10,000 sites and 8.4% for the top 100,000. Websites that support post-quantum cryptography The uptake of PQC is particularly low in some of the most security-sensitive sectors. Only 3% of banking websites support PQC, placing the industry among the lowest adopters—even within its own Financials sector (Figure 1). Healthcare and government websites are also lagging. Websites that support post-quantum cryptography (PQC) tend to have stronger overall TLS configurations. They offer fewer and more modern cipher suites while disabling outdated protocols like SSLv3 and TLSv1.0. Those with PQC enabled offered significantly fewer cipher suites (suggesting deliberate hardening) compared to non-PQC sites, which still commonly support weak and obsolete protocols. This contrast highlights PQC support as a strong proxy for broader cryptographic hygiene. Geographically, TLD analysis shows that countries like Australia (.au), Canada (.ca), and the UK (.uk) are leading in PQC deployment when considering both adoption rate and volume. However, when company headquarters are considered, the United States stands out as the global frontrunner. The UK, Canada, and Australia follow closely behind. Browser Support On the client side, browser support plays a major role in overall PQC readiness. While 93% of Chrome requests are PQC-ready, Safari’s lack of support reduces the global readiness rate to just 57%. Firefox, despite accounting for only 2% of requests, sees 85% of its traffic coming from PQC-capable versions. The data suggest that while technical capability for PQC adoption exists—especially given the widespread use of TLS 1.3—the practical rollout is lagging in many critical areas. For organizations with data that must remain confidential well into the future, failing to deploy PQC measures today may already be too late. Conclusion The full report explains the implications of quantum computing on TLS, the current state of PQC standards and protocols, which servers, industries, and geographies have been quickest to adopt, and suggests some steps to take if you have yet to begin your PQC journey. READ THE FULL REPORT HERE
