Enhancing TLS Security: Google Adds Quantum-Resistant Encryption in Chrome 116

Enhancing TLS Security: Google Adds Quantum-Resistant Encryption in Chrome 116

Google has announced plans to add support for quantum-resistant encryption algorithms in its Chrome browser, starting with version 116.

“Chrome will begin supporting X25519Kyber768 for establishing symmetric secrets in TLS, starting in Chrome 116, and available behind a flag in Chrome 115,” Devon O’Brien said in a post published Thursday.

Kyber was chosen by the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) as the candidate for general encryption in a bid to tackle future cyber attacks posed by the advent of quantum computing. Kyber-768 is roughly the security equivalent of AES-192.

X25519Kyber768 is a hybrid algorithm that combines the output of X25519, an elliptic curve algorithm widely used for key agreement in TLS, and Kyber-768 to create a strong session key to encrypt TLS connections.

Organizations that face network appliance incompatibility issues following the rollout are advised to disable X25519Kyber768 in Chrome using the PostQuantumKeyAgreementEnabled enterprise policy, which is available starting in Chrome 116, as a temporary measure.

“Bad actors could possibly take advantage of the visibility into these fixes and develop exploits to apply against browser users who haven’t yet received the fix,” Amy Ressler from the Chrome Security Team said.

“That’s why we believe it’s really important to ship security fixes as soon as possible, to minimize this ‘patch gap.'”


Source: https://thehackernews.com/