# Post-Quantum Cryptography

Termius supports Post-Quantum Cryptography (PQC) to protect data against potential future quantum computing threats, in accordance with NIST FIPS 203 (ML-KEM) and FIPS 204 (ML-DSA) standards.

### Key Exchange (KEX) Support

Termius supports both standalone ML-KEM and hybrid modes that combine classical Elliptic Curve cryptography with quantum-resistant algorithms.

* Hybrid Mode: `mlkem768x25519-sha256` (Combines PQ + X25519)
* Standalone ML-KEM: `mlkem512-sha256`, `mlkem768-sha256`, `mlkem1024-sha384`

### Authentication (ML-DSA)

Termius supports ML-DSA (Module-Lattice-Based Digital Signature Algorithm) for host and user authentication.

* Host Keys: `ssh-mldsa-44`, `ssh-mldsa-65`, `ssh-mldsa-87`
* User Keys: Support for ML-DSA SSH keys at levels 44, 65, and 87.

### Compatibility and Fallback

* **Server Support:** Use of these algorithms requires the connected SSH server to also support FIPS 203 and FIPS 204.
* **Automatic Fallback:** If the server does not support ML-KEM or ML-DSA, the application reverts to mutually supported classical algorithms (such as Ed25519 or RSA).
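
The fallback described above follows from SSH algorithm negotiation: each side lists its algorithms in a KEXINIT message, and the first entry on the client's list that the server also offers is used. The added example below (not Termius code) parses a constructed server KEXINIT payload and reports whether the negotiated key exchange and host key algorithms are post-quantum. The client preference order and the function names are illustrative assumptions, and the RFC 4253 selection rule is simplified to "first mutual match".

```python
SSH_MSG_KEXINIT = 20
# Algorithm names from the page; all other values here are constructed.
PQ_KEX = {"mlkem768x25519-sha256", "mlkem512-sha256", "mlkem768-sha256", "mlkem1024-sha384"}
PQ_HOSTKEY = {"ssh-mldsa-44", "ssh-mldsa-65", "ssh-mldsa-87"}

def build_kexinit(kex, hostkeys):
    """Build a sample KEXINIT payload (RFC 4253 section 7.1) for this demo."""
    lists = [kex, hostkeys] + [["none"]] * 6 + [[], []]  # 10 name-lists, 8 are filler
    body = bytes([SSH_MSG_KEXINIT]) + bytes(16)  # message type + zeroed cookie
    for names in lists:
        raw = ",".join(names).encode("ascii")
        body += len(raw).to_bytes(4, "big") + raw
    return body + b"\x00" + bytes(4)  # first_kex_packet_follows + reserved

def parse_kexinit(payload):
    """Return (kex_algorithms, server_host_key_algorithms) from a KEXINIT payload."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT payload")
    pos, lists = 17, []
    for _ in range(10):
        head = payload[pos:pos + 4]
        n = int.from_bytes(head, "big")
        text = payload[pos + 4:pos + 4 + n]
        if len(head) != 4 or len(text) != n:
            raise ValueError("truncated name-list")
        lists.append(text.decode("ascii").split(",") if n else [])
        pos += 4 + n
    return lists[0], lists[1]

def negotiate(client_prefs, server_offer):
    """First client preference the server also lists (simplified RFC 4253 rule)."""
    return next((a for a in client_prefs if a in server_offer), None)

def assess(client_kex, client_hostkeys, server_payload):
    s_kex, s_hk = parse_kexinit(server_payload)
    kex, hk = negotiate(client_kex, s_kex), negotiate(client_hostkeys, s_hk)
    return {"kex": kex, "kex_pq": kex in PQ_KEX, "hostkey": hk, "hostkey_pq": hk in PQ_HOSTKEY}

# Constructed client preference order (an assumption, not Termius's documented order).
CLIENT_KEX = ["mlkem768x25519-sha256", "mlkem768-sha256", "curve25519-sha256"]
CLIENT_HOSTKEYS = ["ssh-mldsa-65", "ssh-ed25519", "rsa-sha2-256"]
# Constructed servers: one offering hybrid KEX with a classical host key, one classical-only.
PQ_SERVER = build_kexinit(["curve25519-sha256", "mlkem768x25519-sha256"], ["ssh-ed25519"])
LEGACY_SERVER = build_kexinit(["curve25519-sha256", "diffie-hellman-group14-sha256"], ["rsa-sha2-256", "ssh-ed25519"])

if __name__ == "__main__":
    for name, srv in (("pq", PQ_SERVER), ("legacy", LEGACY_SERVER)):
        print(name, assess(CLIENT_KEX, CLIENT_HOSTKEYS, srv))
```

The first sample server shows that key exchange and host authentication are negotiated independently: a session can use a post-quantum key exchange while the host key is still classical.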

***

### Frequently Asked Questions (FAQ)

<details>

<summary>What is Post-Quantum Cryptography?</summary>

PQC refers to cryptographic algorithms designed to remain secure against attacks by quantum computers. A large-scale quantum computer could theoretically break current classical algorithms (RSA, ECC).

</details>

<details>

<summary>Why use a hybrid algorithm?</summary>

A hybrid algorithm like `mlkem768x25519-sha256` uses both a classical method and a post-quantum method. This ensures the connection remains secure even if one of the two algorithms is found to have a vulnerability.

</details>

<details>

<summary>Does PQC affect the connection process?</summary>

ML-KEM and ML-DSA keys and signatures are larger than those of classical ECC. This increases the amount of data sent during the initial handshake, which may result in a small increase in connection setup time depending on network conditions.

{% hint style="warning" %}
On some older systems, the larger handshake messages can cause the handshake to fail and the session to disconnect early.

In such a case, you can disable the use of the PQC algorithms in Termius settings.
{% endhint %}

</details>

<details>

<summary>How do I enable these algorithms?</summary>

Termius includes these algorithms in its default SSH algorithm list. If the server supports them, Termius uses them automatically. You only need manual configuration if you want to allow only PQC algorithms on the server side.

</details>
