Skip to main content
April 4, 2026
Solved

Re Blog Post: A first step toward post-quantum security

  • April 4, 2026
  • 2 replies
  • 107 views

Fascinating. But one thing I think would have been helpful. The post contains a test to see if your browser is ready for post-quantum security. From what I've read, consumers reading this will always fail the test, as there aren't yet any consumer level routers capable of handling the new protocol. It would have been helpful had there been a note to this effect.

Thanks.

Best answer by Pleonasm
fssbob wrote:

But most home users are going to be using a router, and per the reading I've done all of the existing home routers strip the necessary bytes that allow X25519MLKEM768 to work.

@fssbob, can you please share a few references that you have read about the incompatibility of home routers with X25519MLKEM768?  There is no discussion of router requirements by Cloudflare in State of the post-quantum Internet in 2025. Additionally, Cloudflare reports that as of "October 2025, we reached a major milestone for Internet security:  the majority of human-initiated traffic with Cloudflare is using post-quantum encryption."  It seems unlikely that 50%+ of internet traffic would successfully be using post-quantum encryption, if there were widespread router incompatibility issues.

Also note that Cloudflare reports that Safari 26 on iOS and macOS are compatible with X25519MLKEM768 - again, with no qualification that the compatibility is contingent on router hardware capabilities.  For myself, I am seeing that Safari 26 on iOS 26.4 is compatible with X25519MLKEM768, as reported in this test; using a four-year old NETGEAR consumer router.

P.S.:  It does appears that a router which has Deep Packet Inspection enabled may cause incompatibilities with X25519MLKEM768.  Also, the use of security software (e.g., GravityZone by Bitdefender) with TLS inspection features may likewise cause an issue.

2 replies

April 4, 2026

@fssbob, can you please elaborate on the router requirement issue for supporting post-quantum cryptography?  Mullvad VPN, for example, currently supports post-quantum cryptography by default across multiple platforms and devices - and, there is no router requirement.

P.S.:  Link to the 1Password blog post:  A first step toward post-quantum security.

fssbobAuthor
April 4, 2026

If there's no router in the picture, then of course it's not an issue. But most home users are going to be using a router, and per the reading I've done all of the existing home routers strip the necessary bytes that allow X25519MLKEM768 to work. Doesn't matter whether you're using a VPN or not (at least it didn't in my case). You can test your support of X25519MLKEM768 by going to https://pq.cloudflareresearch.com/. That page will immediately tell you whether your setup supports X25519MLKEM768 post-quantum encryption.

PleonasmAnswer
April 4, 2026
fssbob wrote:

But most home users are going to be using a router, and per the reading I've done all of the existing home routers strip the necessary bytes that allow X25519MLKEM768 to work.

@fssbob, can you please share a few references that you have read about the incompatibility of home routers with X25519MLKEM768?  There is no discussion of router requirements by Cloudflare in State of the post-quantum Internet in 2025. Additionally, Cloudflare reports that as of "October 2025, we reached a major milestone for Internet security:  the majority of human-initiated traffic with Cloudflare is using post-quantum encryption."  It seems unlikely that 50%+ of internet traffic would successfully be using post-quantum encryption, if there were widespread router incompatibility issues.

Also note that Cloudflare reports that Safari 26 on iOS and macOS are compatible with X25519MLKEM768 - again, with no qualification that the compatibility is contingent on router hardware capabilities.  For myself, I am seeing that Safari 26 on iOS 26.4 is compatible with X25519MLKEM768, as reported in this test; using a four-year old NETGEAR consumer router.

P.S.:  It does appears that a router which has Deep Packet Inspection enabled may cause incompatibilities with X25519MLKEM768.  Also, the use of security software (e.g., GravityZone by Bitdefender) with TLS inspection features may likewise cause an issue.

fssbobAuthor
April 4, 2026

Looks like I made the mistake of trusting a Gemini summary that was out to lunch. It's not a real issue. And you identified the reason I was seeing a failure on the Cloudflare test--the cause was my Avast security software. Thanks for your detailed response, and sorry about spreading misinformation.

April 4, 2026

@fssbob, I also have trusted an incorrect AI summary from time-to-time, and suspect the same is true for many people nowadays.

FYI:  In looking at this interesting issue, I used the Research Assistant by Kagi which I have found to be generally more thorough and trustworthy than other AI tools.