Latest news with #ML-KEM
Tom's Guide
5 days ago
- Tom's Guide
ExpressVPN now supports the WireGuard protocol – and it's quantum secure
ExpressVPN has added WireGuard to its list of supported protocols and has launched it with post-quantum encryption protection already implemented. Previously, ExpressVPN has been one of the only providers on our best VPN list not to support the popular WireGuard encryption protocol. Instead, it primarily relied on its proprietary protocol, Lightway. But WireGuard has now come to ExpressVPN and it utilises the new post-quantum encryption standard, ML-KEM. It's available now on iOS, Windows, and Android VPN apps, with macOS support coming soon. Post-quantum is the level of encryption needed to protect against attacks from quantum computers. The day these computer can break current encryption standards is known as Q-Day. Although it might not occur for a few more years, many VPN providers are adopting post-quantum encryption now. ML-KEM has been one of the post-quantum industry standards for over a year and, in a blog post, ExpressVPN said this release is a "call to action for the rest of the industry." It added that "post-quantum protections are essential, and they're possible to implement now." WireGuard was a revolutionary protocol and was seen as faster and more streamlined than the old-favorite OpenVPN. But WireGuard doesn't support post-quantum encryption by default – WireGuard themselves admit that – and ExpressVPN has addressed this gap. According to ExpressVPN, its version "adds post-quantum encryption, ephemeral credentials, dynamic IPs, and short-lived authentication tokens." ExpressVPN wants to help the VPN industry adopt post-quantum protection and has released a white paper detailing how it built its scalable WireGuard implementation, which doesn't modify WireGuard itself. ExpressVPN's Chief Research Officer, Pete Membrey said: "Post-quantum threats aren't theoretical. They're already here. Adversaries can harvest encrypted traffic today and decrypt it later." "Everyone's shipping WireGuard, but few are doing it with a proper appreciation for the post-quantum issues. We built a version that actually holds up, and we've published the instruction manual along with it." Post-quantum WireGuard is live now for Windows, Android, and iOS VPN users, with macOS coming later. To access the protocol on your phone, click the Profile tab at the bottom of your screen and head to VPN Protocol under the VPN Settings section. You can then select WireGuard but advanced protections – ad, tracker, and malicious site blockers – must be disabled. For Windows VPN users, click the three lines in the top left of your ExpressVPN screen and select Options. Go to Protocol and select WireGuard. If you can't see the WireGuard option, ensure your ExpressVPN app is up to date. Every session starts with a post-quantum key exchange and each session uses short-lived keys, along with a fresh internal IP. There are no persistent identifiers or reused credentials and this makes it much harder to track users and activity. There's no native user authentication built into WireGuard, so ExpressVPN built a lightweight system that verifies users with short-loved access tokens. All of ExpressVPN's protocols run on its TrustedServer network. This means servers are RAM-only and all data is wiped when they reboot – reportedly once a week. Therefore no data is stored long-term and this increases user safety and privacy. As mentioned, these protections were added without modifying WireGuard itself. ExpressVPN describes how its architecture "wraps around the base design" and its white paper shares each step so other VPN providers can do the same. ExpressVPN has also introduced a new manual HTTPS proxy support that runs connections over Lightway TCP. Proxies are not a replacement for VPNs, but it's designed for advanced users to use as a backup option when VPN traffic is throttled, blocked, or restricted. WireGuard was still in early development when ExpressVPN first reviewed and as a result the provider decided to build its Lightway protocol. Lightway is still ExpressVPN's primary protocol and WireGuard's introduction simply gives users more options. ExpressVPN has recently announced a partnership with BitRipple to integrate its LT3 acceleration into Lightway. This aims to boost Lightway's speeds and connection stability. Lightway's speeds traditionally made ExpressVPN one of the fastest VPNs. We previously saw speeds of 898 Mpbs in our testing. However, our most recent test of Lightway's speeds saw it hover around 350 Mbps – a rather disappointing result. However, ExpressVPN boasts a Lightway Turbo option and we recorded speeds of 1,617 Mbps on a 10 GB line – faster than any other VPN we tested. The only downside to this is Lightway Turbo is currently only available on Windows. Despite this, for everyday use and streaming, you shouldn't have a problem with ExpressVPN's speeds. We test and review VPN services in the context of legal recreational uses. For example: 1. Accessing a service from another country (subject to the terms and conditions of that service). 2. Protecting your online security and strengthening your online privacy when abroad. We do not support or condone the illegal or malicious use of VPN services. Consuming pirated content that is paid-for is neither endorsed nor approved by Future Publishing.
Techday NZ
23-07-2025
- Business
- Techday NZ
Fortinet adds quantum-safe encryption to FortiOS 7.6 update
Fortinet has announced enhancements to its FortiOS operating system that aim to protect organisations against potential threats posed by quantum computing to existing encryption standards. Quantum security risks The evolution of quantum computing has raised concerns among cybersecurity professionals and organisations responsible for sensitive data. Quantum computers, which utilise principles of quantum mechanics, are expected to process complex calculations significantly faster than current technology, making it feasible to break traditional encryption methods protecting network and user information. Industries such as telecommunications, financial services, government, and healthcare are seen as particularly at risk because they handle data that must remain confidential over many years. Some cybercriminals are already engaging in so-called "harvest-now, decrypt-later" attacks, where they collect encrypted data with the intention of decrypting it in the future as more powerful quantum computers become available. New capabilities in FortiOS Fortinet's latest FortiOS release, version 7.6, includes features intended to allow customers to deploy quantum-safe encryption methods and transition to post-quantum security environments. These features are integrated and available to users of FortiGate next-generation firewall and Fortinet Secure SD-WAN at no additional cost. The update includes support for post-quantum cryptography (PQC) methods such as National Institute of Standards and Technology (NIST)-approved algorithms like ML-KEM, as well as emerging algorithms BIKE, HQC, and Frodo. Quantum key distribution (QKD) support is also included, providing a method for securely exchanging encryption keys using quantum mechanics so that any attempts at eavesdropping can be detected. QKD support was initially introduced in FortiOS 7.4, allowing compatibility with various QKD technology providers through standardised interfaces. To improve overall resilience, the system allows for algorithm stacking – the use of multiple cryptographic algorithms in tandem. Other enhancements include a hybrid mode, where both conventional public-key cryptography and QKD can operate together, and an updated user interface to simplify the management of quantum-safe settings by network administrators. Industry perspective Michael Xie, Founder, President, and Chief Technology Officer at Fortinet, said, "At Fortinet, we're committed to arming customers with cutting-edge technology to protect against new and emerging threats. As quantum computing advances, organisations can trust Fortinet's technology innovation and leadership to safeguard their critical data and future-proof their infrastructures. Many enterprises are eager to take action to protect their networks from quantum-powered threats. That's why we've made cutting-edge, quantum-safe features available today for FortiGate next-generation firewall and Fortinet Secure SD-WAN customers, so they can confidently transition to post-quantum security." Deployment and future-proofing The approach of integrating both networking and security in one operating system allows Fortinet to deliver contemporaneous security updates, such as these new quantum-resistant capabilities. By deploying these features now, customers can address security needs prompted by developments in quantum technology while ensuring current performance levels are not impacted. The update is positioned as part of Fortinet's focus on providing practical tools for organisations managing sensitive or long-term data. The inclusion of PQC methods and QKD is intended to assist IT teams in preparing their infrastructure for future threats, rather than responding retroactively once quantum attacks become practical. With the rollout of FortiOS 7.6, organisations have access to quantum-safe encryption and key distribution options alongside the ability to stack algorithms for layered protection and migrate to hybrid or fully post-quantum environments as required. The user interface changes are intended to aid a smoother adoption process and reduce operational complexity for administrators. Fortinet's strategy continues to be rooted in the convergence of networking and security in a single platform, with updates such as the latest FortiOS release reflecting ongoing adjustments to emerging threat landscapes including the advent of quantum computing.
