PuTTY 0.83 now implements a second method of post-quantum key exchange. The new method, ML-KEM, was formerly known as "Crystals: Kyber", and is standardised by NIST in FIPS 203.
As with our existing support for NTRU Prime, PuTTY implements ML-KEM only in hybrid forms, running an existing classical key exchange method in parallel with it, and hashing both outputs. So an attacker must break both to derive your session keys. This protects against the risk of the new algorithm having a flaw not yet found, and the risk of a quantum computer being built that can attack the old algorithm, so there's only a problem if both of those happen.
PuTTY supports a hybrid of ML-KEM with Curve25519, and also two hybrids of it with NIST elliptic curve systems. At the time of writing this, OpenSSH 9.9 also supports the Curve25519 hybrid, and AsyncSSH supports all three.
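To check that a given client and server pair actually ends up on one of these hybrids rather than on a classical method, the following added example (not PuTTY's code) parses the key exchange name-list from two SSH KEXINIT payloads and applies the basic SSH selection rule: the first method on the client's list that the server also offers. The wire names in the table are assumptions taken from the SSH specifications and OpenSSH, not from this page, and the payloads are constructed samples.

```python
import struct

SSH_MSG_KEXINIT = 20
# Wire names are assumptions (SSH specifications / OpenSSH), not from the page.
HYBRID_PQ_KEX = {
    "mlkem768x25519-sha256": "ML-KEM + Curve25519",
    "mlkem768nistp256-sha256": "ML-KEM + NIST P-256",
    "mlkem1024nistp384-sha384": "ML-KEM + NIST P-384",
    "sntrup761x25519-sha512": "NTRU Prime + Curve25519",
    "sntrup761x25519-sha512@openssh.com": "NTRU Prime + Curve25519",
}

def build_kexinit(kex_names):
    """Build a constructed KEXINIT payload; the other name-lists stay empty."""
    body = ",".join(kex_names).encode("ascii")
    first = struct.pack(">I", len(body)) + body
    rest = struct.pack(">I", 0) * 9 + b"\x00" + struct.pack(">I", 0)
    return bytes([SSH_MSG_KEXINIT]) + bytes(16) + first + rest

def kex_algorithms(payload):
    """Return the kex_algorithms name-list from an SSH_MSG_KEXINIT payload."""
    # Layout: 1 byte message type, 16 byte cookie, then uint32 length + names.
    if len(payload) < 21 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT payload")
    (length,) = struct.unpack_from(">I", payload, 17)
    raw = payload[21:21 + length]
    if len(raw) != length:
        raise ValueError("truncated kex_algorithms name-list")
    return raw.decode("ascii").split(",") if raw else []

def negotiate(client_kex, server_kex):
    """Simplified SSH rule: first client method that the server also offers."""
    offered = set(server_kex)
    return next((name for name in client_kex if name in offered), None)

def audit(client_payload, server_payload):
    """Return (negotiated method, hybrid description or None if classical)."""
    chosen = negotiate(kex_algorithms(client_payload), kex_algorithms(server_payload))
    return chosen, HYBRID_PQ_KEX.get(chosen)

# Constructed sample offers, not captured traffic.
CLIENT_PQ_FIRST = build_kexinit(["mlkem768x25519-sha256", "sntrup761x25519-sha512", "curve25519-sha256"])
CLIENT_CLASSICAL_FIRST = build_kexinit(["curve25519-sha256", "mlkem768x25519-sha256"])
SERVER_PQ = build_kexinit(["sntrup761x25519-sha512", "mlkem768x25519-sha256", "curve25519-sha256"])
SERVER_LEGACY = build_kexinit(["curve25519-sha256", "ecdh-sha2-nistp256"])

if __name__ == "__main__":
    for label, c, s in [("pq-first vs pq server", CLIENT_PQ_FIRST, SERVER_PQ),
                        ("pq-first vs legacy server", CLIENT_PQ_FIRST, SERVER_LEGACY),
                        ("classical-first vs pq server", CLIENT_CLASSICAL_FIRST, SERVER_PQ)]:
        print(label, "->", audit(c, s))
```

The third case is the one to watch for: both sides support a hybrid, but the client's preference order puts a classical method first, so the session gets no post-quantum protection.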