keepassxc icon indicating copy to clipboard operation
keepassxc copied to clipboard

Published 20 hours ago verified publisher icon keepassxreboot

[Feature request] Post-quantum encryption

Open beantaco opened this issue 6 months ago • 12 comments

Summary

KeePassXC currently uses AES or Twofish block cipher to encrypt a database. This issue is a feature request to add support for an established post-quantum encryption algorithm. I searched for related issues but didn't find anything.

Context

I'm aware that quantum computing won't be a realistic threat for a long time, but I believe it's wise to prepare for it sooner rather than later. If someone uses KeePassXC to store secrets meant to be held for a long time, the database might become vulnerable at some point. Further, databases that exist now might become vulnerable to harvest now decrypt later attacks by quantum computing.

I honestly don't know how effective quantum computing based attacks would be if/when quantum computing becomes feasible. My understanding is AES-256 remains secure for now because of its large key size, but could change with time. Grover's algorithm effectively halves AES's key size, making AES-128 insecure (equivalent to brute-forcing a 64-bit key) but AES-256 still secure against that particular attack, but other quantum attacks might break AES-256 in the future.

Implementations by other projects:

I don't know that an established post-quantum block cipher exists yet or will ever be created, or whether or not post-quantum encryption should be added via key encapsulation or another way. I don't propose that this be implemented immediately but when it has been properly hashed out.

My understanding is adding this kind of support would require an update to the database format (to allow for a new encryption algorithm) as well as client support.

  • How credible does the KeePassXC community believe the risk of quantum computing is?
  • What would be the best way to add post-quantum encryption?
  • How difficult would adding support for a post-quantum encryption algorithm be?
  • Aside from old versions of KeePassXC being unable to open databases that use a new encryption algorithm, what unintentional consequences could arise by adding support for a new encryption algorithm?
  • Overall, what is the KeePassXC community's stance?

beantaco avatar Jul 27 '24 03:07 beantaco