Greetings!

*** Sergey Matveev [2025-09-28 13:05]:
>Lack of post-quantum cryptography in NNCP bothers me. When NNCP was
>created, even OpenSSH did not have PQ algorithms. But nowadays there
>are even NIST-standardised choices available.
>
>There is an independent (from NNCP) project: http://www.keks.cypherpunks.su/
>[...]
>I do not know when I will start working on all of that. But sometime it
>will definitely happen. Of course that will lead to incompatible packets
>format, that will be KEKS-encoded, instead of XDR-encoded. But that
>brings PQ-safety, more paranoid/safer encryption patterns,
>paralleliseable speeds.

I am writing all of this just for your information, because I use that
since ~2025-12. I made "kekscm" branch in NNCP's Git repository,
containing very quick and dirty hack to bring PQ-security for encrypted
packets. Maybe that code will never be in develop/master releases. In
that branch I added another encrypted packet's version, which holds
KEKS/CM (http://www.keks.cypherpunks.su/cm/encrypted/index.html)
encrypted payload. All tests are broken. cfgdir, packet's padding, areas
do not work. exchpub/exchprv/signpub/signprv are replaced with "keyid"
field, holding the hexadecimal fingerprint of the KEKS/CM keypair,
located in $NNCPKEYS directory. KEKS/CM'es utilities (cmkeytool,
cmenctool) are used just by calling them through exec.

-- 
Sergey Matveev (http://www.stargrave.org/)
LibrePGP: 12AD 3268 9C66 0D42 6967  FD75 CB82 0563 2107 AD8A