Post-Quantum SSH Algorithms (PQC)
Tempest supports post-quantum SSH key exchange (ML-KEM, SNTRUP761) with a one-click toggle between PQ and legacy algorithm sets.
Tempest ships with post-quantum cryptography (PQC) key-exchange algorithms enabled by default. Connect to OpenSSH 9.0+ servers using ML-KEM (FIPS 203) hybrids or SNTRUP761 for resistance against future quantum-computer attacks — including the "harvest now, decrypt later" threat model where adversaries record today's traffic to break years from now. Among polished cross-platform GUI SSH clients, Tempest is one of the few that documents the specific PQ algorithms it negotiates rather than just claiming "PQ support."
If your server doesn't support PQ algorithms yet, Tempest negotiates down gracefully — there's a one-click switch to a legacy-only algorithm set if a particular server can't handle hybrid KEX.
What's a post-quantum algorithm?
Classical Diffie-Hellman key exchange (X25519, ECDH-NIST-P*) is broken in polynomial time by Shor's algorithm running on a sufficiently large quantum computer. Post-quantum algorithms — Kyber (ML-KEM), NTRU (SNTRUP), Dilithium, Falcon — are designed to resist both classical and quantum attacks.
Tempest currently supports the hybrid KEX modes that combine a classical curve with a PQ algorithm: if either is broken, the session is still secure. This is the same approach OpenSSH, Cloudflare, AWS, and Apple iMessage have adopted.
Supported PQ algorithms
ML-KEM-768 hybrid with X25519 (
mlkem768x25519-sha256and friends — names vary by upstream)SNTRUP761 hybrid with X25519 (
sntrup761x25519-sha512) — OpenSSH's original PQ choice
Tempest negotiates the strongest mutually supported algorithm per session.
How to use it
PQ algorithms are enabled by default in new connections. To verify or change:
Edit your SSH host → Security → Enabled Algorithms
The default preset is Post-Quantum (PQC).
If a server fails to handshake (older sshd), switch to Legacy — Tempest re-runs the handshake with classical-only algorithms.
The current negotiation is shown live in the connection security panel:
Who you'll connect to with PQ KEX
OpenSSH 9.0+ —
sntrup761x25519-sha512enabled by defaultOpenSSH 9.5+ —
mlkem768x25519-sha256availableCloudflare's SSH proxy — PQ enabled
Most modern Linux distributions (Fedora 38+, Ubuntu 23.10+, etc.) ship OpenSSH new enough
Why now?
NIST finalized ML-KEM (Kyber) as FIPS 203 in August 2024. Major operating systems and browsers are rapidly adopting it — getting your SSH client onto PQ now means traffic you generate today is safe even if a quantum computer arrives in 5–10 years.
Pro feature
Custom algorithm selection (manually picking which KEX, host key, cipher, and HMAC to advertise) is part of Tempest Pro. The default PQ-enabled preset is free.
See also
YubiKey & FIDO2 SSH Authentication — pair hardware-backed signatures with PQ-safe key exchange
How Tempest Protects Your Privacy — the rest of the cryptography stack
Last updated