Welcome to the 15th edition. This week, we have a disproportionate amount of insights from our friends at the German BSI. Let’s dive into the content…
And The Survey Says… No Quantum Threat
The German BSI and KPMG ran a survey on post-quantum migration. The results are mildly horrifying.
Here are some highlights:
32% felt the PQC transition was irrelevant to their organisation. I'm not sure what world they are living in, but they are in for a shock.
Almost everyone felt the time required to migrate would put their data at risk. And yet, only 25% had the quantum threat in their risk management.
43% were not familiar with store-now, decrypt-later.
29% were unfamiliar with the NIST standardisation process.
You can read the full report here.
This survey is a useful reminder that the average organisation doesn't understand, or correctly prioritise, the quantum threat.
This may shock those in the PQC echo chamber.
These Researchers Are Not BLUFFing
The recently announced BLUFFS Bluetooth attacks are impressive.
The authors asked a simple question: what are the forward and future secrecy properties of Bluetooth? They discovered the standard didn't account for these properties, nor had any research been conducted in this direction.
In a protocol with forward secrecy, breaking one session key does not let you break earlier sessions as well. Future secrecy is the same idea applied to later sessions. Bluetooth should ideally have both, so that breaking a single session key has minimal impact.
Sadly, it doesn't. The authors also found a neat way to trick the devices into creating a particularly weak session key, with as little as one byte of entropy. That session key can be trivially brute-forced and then re-used in subsequent connections, which allows for device impersonation and man-in-the-middle attacks.
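To make the two properties and the entropy point concrete, here is an added illustration (not code from the BLUFFS paper or from the Bluetooth specification): a toy hash-chain key schedule, which has forward but not future secrecy, beside one that mixes a fresh per-session secret into each key, plus a check of what someone holding one session key can reach. The schemes, labels and the 1-byte versus 16-byte secret sizes are my own assumptions for illustration, not Bluetooth's actual key derivation.

```python
import hashlib
import secrets

def kdf(label: bytes, *parts: bytes) -> bytes:
    """Toy one-way derivation: SHA-256 over a label and length-prefixed inputs."""
    return hashlib.sha256(label + b"".join(len(p).to_bytes(2, "big") + p for p in parts)).digest()

def hash_ratchet(seed: bytes, n: int) -> list:
    """k[i+1] = kdf(k[i]): forward secrecy (k[i] hides k[i-1]) but no future secrecy."""
    keys, k = [], seed
    for _ in range(n):
        k = kdf(b"hash-ratchet", k)
        keys.append(k)
    return keys

def fresh_secret_ratchet(seed: bytes, fresh: list) -> list:
    """k[i+1] = kdf(k[i], s[i+1]) with s[i+1] a per-session shared secret (in a real
    protocol, e.g. an ephemeral DH output). Future secrecy is only as strong as s."""
    keys, k = [], seed
    for s in fresh:
        k = kdf(b"fresh-secret-ratchet", k, s)
        keys.append(k)
    return keys

def attacker_reaches_next(scheme: str, k_i: bytes, k_next: bytes, secret_len: int = 0) -> bool:
    """Can someone holding only k[i] reproduce k[i+1]? In the fresh-secret scheme
    they must enumerate the per-session secret: 256**secret_len guesses."""
    if scheme == "hash":
        return kdf(b"hash-ratchet", k_i) == k_next
    if secret_len > 2:  # cap the toy search; 16 bytes would be 2**128 guesses
        return False
    return any(kdf(b"fresh-secret-ratchet", k_i, g.to_bytes(secret_len, "big")) == k_next
               for g in range(256 ** secret_len))

def demo() -> dict:
    # Attacker learns session 2's key and tries to reach session 3 in each scheme.
    seed = secrets.token_bytes(32)
    hk = hash_ratchet(seed, 3)
    wk = fresh_secret_ratchet(seed, [secrets.token_bytes(1) for _ in range(3)])   # 1 byte
    sk = fresh_secret_ratchet(seed, [secrets.token_bytes(16) for _ in range(3)])  # 16 bytes
    return {
        "hash_ratchet": attacker_reaches_next("hash", hk[1], hk[2]),
        "fresh_1_byte": attacker_reaches_next("fresh", wk[1], wk[2], 1),
        "fresh_16_bytes": attacker_reaches_next("fresh", sk[1], sk[2], 16),
    }
```

The point of the third case is the one the paper makes: mixing in a per-session value only buys future secrecy if that value carries real entropy, and one byte of it is no protection at all.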
The attack has widespread implications, affecting every version of the Bluetooth standard from 2014 through to Feb 2023. The vulnerability reference is CVE-2023-24023.
The paper is very accessible and worth reading.
Patience, Mein Freund
Here's an eye-opening fact: the German BSI expect it will take 15 YEARS to migrate their public key infrastructure to quantum-safe algorithms.
And that was apparently an optimistic estimate! No wonder they are starting already.
The PKI system is known as "Verwaltungs-PKI". And their biggest barrier to migration is the commitment they've made to their 500,000 users.
Their root CA certificates are guaranteed to be valid for 10 years. Thus, the final RSA-based root CA they create in 2025 will need to be valid until 2035. They don't want to shorten these timelines due to the policies they've already published.
Over the migration period, they plan to run both systems in parallel. Their first production-ready PQC root will enter service in 2027.
Also interesting is their choice of algorithms. They will prioritise security over simplicity by using stateful hash-based signature schemes for their root certificates. This choice indicates a lack of complete faith in the newer PQC algorithms soon to be standardised.
I hope to see more organisations talking publicly about their approach to migration. Not only will this cement good practices, but it will remind the wider world that migrations take time and need to start soon.
You can find the slides for the talk (PDF) here.