ASVS icon indicating copy to clipboard operation
ASVS copied to clipboard
verified publisher icon OWASP

Microsoft 11 rolls out PQC algorithms

Open jmanico opened this issue 8 months ago • 4 comments

Microsoft rolls out PQC in windows 11.

ML-KEM and ML-DSA are the main standards. These larger keys must also be accompanied by RSA and the elliptic-curve keys they are meant to replace.

https://arstechnica.com/security/2025/05/heres-how-windows-11-aims-to-make-the-world-safe-in-the-post-quantum-era/

jmanico avatar May 22 '25 10:05 jmanico

Do you mean we should mention those? (in the appendix?)

I agree that PQC stuff should be mentioned in the appendix. It is probably kind of late considering the release schedule, though.

This can be postponed to 5.0.1 as it is not considered a breaking change to add things to the appendix.

randomstuff avatar May 22 '25 10:05 randomstuff

I'm especially interested in the recommendation to use these PQC algorithms in addition to using an RSA or elliptical curve key. That makes a lot of sense to protect against weaknesses in both algorithms.

As for delivery time, I'll leave that up to You, Elar and Josh.

jmanico avatar May 22 '25 11:05 jmanico

Given this is very new and indeed something @unprovable and i have been involved in with Microsoft with, a 5.0.1 release would be more ideal as we test it

danielcuthbert avatar May 22 '25 11:05 danielcuthbert

For reference, USGOV are saying to transition by 2030, and deprecation by 2035. We have time if we don't include it right away...

unprovable avatar May 22 '25 12:05 unprovable