# Post-Quantum SSH Algorithms (PQC) Tempest ships with **post-quantum cryptography (PQC)** key-exchange algorithms enabled by default. Connect to OpenSSH 9.0+ servers using **ML-KEM (FIPS 203)** hybrids or **SNTRUP761** for resistance against future quantum-computer attacks — including the "harvest now, decrypt later" threat model where adversaries record today's traffic to break years from now. Among polished cross-platform GUI SSH clients, Tempest is one of the few that documents the specific PQ algorithms it negotiates rather than just claiming "PQ support." If your server doesn't support PQ algorithms yet, Tempest negotiates down gracefully — there's a one-click switch to a legacy-only algorithm set if a particular server can't handle hybrid KEX. ## What's a post-quantum algorithm? Classical Diffie-Hellman key exchange (X25519, ECDH-NIST-P\*) is broken in polynomial time by Shor's algorithm running on a sufficiently large quantum computer. Post-quantum algorithms — Kyber (ML-KEM), NTRU (SNTRUP), Dilithium, Falcon — are designed to resist both classical and quantum attacks. Tempest currently supports the **hybrid** KEX modes that combine a classical curve with a PQ algorithm: if either is broken, the session is still secure. This is the same approach OpenSSH, Cloudflare, AWS, and Apple iMessage have adopted. ## Supported PQ algorithms * **ML-KEM-768** hybrid with X25519 (`mlkem768x25519-sha256` and friends — names vary by upstream) * **SNTRUP761** hybrid with X25519 (`sntrup761x25519-sha512`) — OpenSSH's original PQ choice Tempest negotiates the strongest mutually supported algorithm per session. ## How to use it PQ algorithms are **enabled by default** in new connections. To verify or change: 1. Edit your SSH host → **Security** → **Enabled Algorithms** 2. The default preset is **Post-Quantum (PQC)**. 3. If a server fails to handshake (older sshd), switch to **Legacy** — Tempest re-runs the handshake with classical-only algorithms. The current negotiation is shown live in the connection security panel: ``` KEX sntrup761x25519-sha512 HostKey ssh-ed25519 Cipher chacha20-poly1305@openssh.com HMAC hmac-sha2-256-etm@openssh.com ``` ## Who you'll connect to with PQ KEX * **OpenSSH 9.0+** — `sntrup761x25519-sha512` enabled by default * **OpenSSH 9.5+** — `mlkem768x25519-sha256` available * **Cloudflare's SSH proxy** — PQ enabled * Most modern Linux distributions (Fedora 38+, Ubuntu 23.10+, etc.) ship OpenSSH new enough ## Why now? NIST finalized ML-KEM (Kyber) as **FIPS 203** in August 2024. Major operating systems and browsers are rapidly adopting it — getting your SSH client onto PQ now means traffic you generate today is safe even if a quantum computer arrives in 5–10 years. ## Pro feature Custom algorithm selection (manually picking which KEX, host key, cipher, and HMAC to advertise) is part of **Tempest Pro**. The default PQ-enabled preset is free. ## See also * [YubiKey & FIDO2 SSH Authentication](/authentication/yubikey-fido2-ssh-authentication.md) — pair hardware-backed *signatures* with PQ-safe *key exchange* * [How Tempest Protects Your Privacy](/account-and-privacy/how-tempest-protect-your-privacy.md) — the rest of the cryptography stack --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.gotempest.app/authentication/post-quantum-ssh-algorithms.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.