I can’t believe that no one is posting on new hardware/firmware/software developments in regards to quantum cryptography. It took me a while to comprehend the context of the article, but basically, it states that using the Librem PQC Encryptor for encrypted communication, like using the P2P or walkie talkie type of technology found in Librem 5’s/Liberty’s hardware/firmware/software. You’re going to need at least two compatible devices. Probably same brand for both sender and recipient. Of course, if quantum encryption technology is compatible with Purism products (listing Librem PQC Encryptor, Librem Server, Librem Mini, Librem 14, Librem 11, Librem Liberty, Librem 5, and Librem 5 Refurnished) or any other Linux/BSD OS variants (including those with GNU/Linux and GNU/Linux-libre kernels), that would be great news.
I would like to see a test run of these devices in terms of capability. We can see the performance done with Librem 5 on URL address Quantum Safe Communication with Purism – Purism. That said, the countermeasure against quantum decryption seems to focus on data mining on an ISP level, but I could be wrong. According to the article, it seems that quantum decryption can be done by man-in-the-middle and evil maid cyber-attacks.
I doubt that PGP/OpenPGP/GNUPGP alone could help circumvent quantum MITM+decryption, but that's where the quantum technologies come in as a quantum version of SSL CA/certificate and HTTPS:// protocol.
As for evil maid cyber-attacks, the risk takes on a greater scale due to exposure. If hardware can be replaced, quantum decryption may not be required to hack into the OS inactive state or user accounts. I tried 2FA/MFA encryption on an OS partition/volume, but failed to get the registry working on the 2FA/MFA prompt. The software was in alpha version anyways. Reference material: https://forums.puri.sm/t/software-question-mfa-encryption-of-external-internal-storage-media-device-s/28280/3
Back on quantum-based data mining and decryption, I think that any password/LUKS encryption will be eventually hacked, given the knowledge and use of the authentication software. It’s probably better if the quantum encrypted data is stored in a container, which would self-terminate or delete the contained data upon repeated authentication failure. Of course, a data container is in essence, a possible trojan horse malware scenario. It’s best if there is a way to prevent data mining in the first place, but that is a far-fetched plan.
Quantum technology doesn’t have to stay in the role of decryption. Its potential is vast. One day, there might be quantum-based cracking, fork bombs (DoS variant), trojans, rootkits, computer worms, bots, spam, spoofing, DDoS, etc. I dare say that quantum-based doxxing and unauthorized MAV/SUAV surveillance (authorized MAV/SUAV security cameras/alarms might be the exception) might be even possible. I almost forgot to mention GNUBoot as a free firmware possibility in case that should PureBoot run into a brick wall. Quantum cyber-security may have future conflicts with quantum cyber-attacks/crimes.
Why would Purism work with government agencies on quantum encryption issues, as the article says? I can see governments saying things such as “Good catch Purism, we would have never thought of that. Of course, now we’re going to have to pass a law that when you implement this feature, that government agencies are given back door access to this specific lockout. You don’t actually expect to lock us out too, do you?”.
Wouldn’t it just be better to put quantum lockouts deep into the source code and not to be very specific about where in the code they are, and how they work? I can see that it would be advantageous for Purism’s bottom line financially, to work with various governments and if they do well enough, Purism might earn some lucrative government contracts. But who does Purism really work for? What are Purism’s loyalties? Aren’t they better to work at arm’s length with governments and to keep the advantage well seated in the opensource community?
I can see the government cryptography people calling Purism and the calls going something like this: Call 1: “… oh, you’re a cryptographer with the Department of Homeland Security. That’s outside of my area of expertise. Let me put you right through to someone who can help you.” Call 2: “… oh, all you get is a voice mail when you call our cryptographer. Have you tried leaving a message? … you have, several times. I’ll try to reach him myself for you. Oh, you know, he will be out on vacation until next April. But we’ll have him call you when he returns.” Call 10: “yes, yes we did get the subpoena and the gag order”. WARRANT CANARY.