FiloSottile an hour ago

If you are doing authentication with those hardware keys, you will probably be fine, if we do our job fast enough. Apple's Secure Enclave already supports some PQ signatures (although annoyingly not ML-DSA-44 apparently?) and I trust Yubico is working on it.

If you are doing encryption, then you do have reason to worry, and there aren't great options right now. For example, if you are using age you should switch to hybrid software ML-KEM-768 + hardware P-256 keys as soon as they are available (https://github.com/str4d/age-plugin-yubikey/pull/215). This might be a scenario in which hybrids provide some protection, so that an attacker will need to compromise both your OS and have a CRQC. In the meantime, depending on your threat model and the longevity of your secrets (and how easily they can be rotated in 1-2 years), it might make sense to switch to software PQ keys.

palata an hour ago | parent [-]

Thanks a lot, that helps!

> This might be a scenario in which hybrids provide some protection, so that an attacker will need to compromise both your OS and have a CRQC.

Did you mean "your OS and have a CRQC" here, or "your Yubikey and have a CRQC"?

FiloSottile 39 minutes ago | parent [-]

I mean "your OS and have a CRQC" because they will need to compromise the software PQ key by compromising the OS, and derive the hardware YubiKey private key using the CRQC.

palata 20 minutes ago | parent [-]

Oh right, I got it now!