PQConnect – a new easy-to-install layer of Internet security from DJB, Lange

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com
hardware-buttons scrape-images linkedin-bot

CodeRabbit: AI Code Reviews for Developers
Revolutionize your code reviews with AI. CodeRabbit offers PR summaries, code walkthroughs, 1-click suggestions, and AST-based analysis. Boost productivity and code quality across all major languages with each PR.
coderabbit.ai
featured
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com
featured

  1. pqconnect

    PQConnect - A new easy-to-install layer of Internet security (git mirror)

    > The advantage of PQConnect is that, once you have installed PQConnect on your computer, PQConnect automatically detects servers that support PQConnect, and transparently encrypts traffic to those servers.

    I mainly take issue with this claim of "automatically" detecting servers and magically doing post-quantum magic to your connections, magically.

    It seems to do so by noticing that DNS records for names are CNAMEs that match a format ("pq1" and then a 52-char b32-encoded hash), which it does by creating a netfilter rule for "udp sport 53" [0].

    So, I guess if you don't have adversaries racing your DNS response packets, and you're not using dns-over-tls or dns-over-https, then the magic can work.

    One glaring problem with this kind of automatic, magic setup is that if you do have attackers, or if your system does dns in some newfangled way that wasn't thought up in the 1980s, then it doesn't secure your connection, but it also doesn't tell you that it failed to do so.

    So many clients (imap, ldap, anything) that use StartTLS don't default to "fail if TLS doesn't work" and don't tell the user anything about it, and it makes me hate StartTLS even though the fault isn't directly with StartTLS.

    [0] https://github.com/jedisct1/pqconnect/blob/6d093005ed164ff31...

  2. CodeRabbit

    CodeRabbit: AI Code Reviews for Developers. Revolutionize your code reviews with AI. CodeRabbit offers PR summaries, code walkthroughs, 1-click suggestions, and AST-based analysis. Boost productivity and code quality across all major languages with each PR.

    CodeRabbit logo

  3. rosenpass

    Rosenpass is a post-quantum-secure VPN that uses WireGuard to transport the actual data.

    There are a number (or just one? Mullvad) of commercial VPN providers that provide an optional PQC layer, and that fact is referenced on this project's page.

    There is also VPN software that incorporates PQC (also referenced): https://rosenpass.eu

    What this project attempts to do is to establish a PQC stream between any two peers end-to-end (in most situations one of the peers will be a server). This is an important difference as a VPN expects a network-protocol (eg. IP) tunnel of some sort to flow across.

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts

  • Randomness extractors: making fair coins out of biased coins

    2 projects | news.ycombinator.com | 15 Sep 2024

  • Rosenpass – formally verified post-quantum WireGuard

    1 project | /r/patient_hackernews | 28 Feb 2023

  • Rosenpass – formally verified post-quantum WireGuard

    1 project | /r/hackernews | 28 Feb 2023

  • Rosenpass – formally verified post-quantum WireGuard

    1 project | /r/hypeurls | 28 Feb 2023

  • Convert enum into/from number in Rust

    1 project | dev.to | 17 Mar 2025

Did you know that Rust is
the 5th most popular programming language
based on number of references?

Loading...