Lucene search
K

Shor's Harvest Now Decrypt Later

🗓️ 09 Feb 2026 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 12 Views

Reports services vulnerable to quantum attacks via Shor's algorithm that can break cryptography.

Refs
Code
SourceLink
nessuswww.nessus.org/u
#TRUSTED 1e20ffdf278d61039e24825757d1654ca6520d50b30406e37003642300bf9b30dbd2026399f758beda30ea0419d18ee7574eef97090dab58aa8af85c59aba9bd6c1e9fcb2fd3687baf40619a06eb4903b595c543a6cac03adba5aa7764f96b7d6ab7555c1413306c962d937c8dc0cd95309ee673a1fe45f7a5e6b04551e10ae7215e2706deba7da78fa566c1d9bfa534d3979b03110816b9f663483d37ca449f04c1b9bfcab2d6173fb89b7b928379cff67c2ee1cf1bf7a0375afbc9155d3bcd04e47a09327a2e93b5642d8211e1a018dc6c9186b7c74ffecac907a461591c6818eb1b9d7c3848bf44244041e5d8c22d7c01039247fb3e3bc065bc4c776884c6f96802af8256540cd3d22fed76fc5437f02145b6c1210286bbde5310c672d02d1b5ab1eaad7f159dbdddccee3ade47cfea22a011863d330afa1df9aa83d93f4a2dd17a5213cfe868cf25bac1cb8a5af2fc96a228506718c3e4702debac27d7cc3e6f04a95062f50a6c2b41440f5ab5214c0d758dda4cc0e24082d1fdd772919aafb0b550f91719c014be7670e8cb2b6b74d2d2bc8879be040661fdc01abcef571fd044c166730f6b49cb4df4a16905e9b276dc7404bcfa146df1b15ff3ac83e36850cfb53da7534ef20306e056ffc2513960ddd2ca15a30b5ae7d48d028f995c201f29f335985d8e5f1bcd2214af0b052c41648a5c55d62bf168f901280f41bf
#TRUST-RSA-SHA256 666d749a3f9de02e893ea41c363998489042636ab48eba6f3704e7b35a2074c2c7f33716e73b24489ee9db19aa47793c3f8fd2883841b3b3f8a9483f7095b918911e2c24ab701ce07524521f8fc0febbda3d41e6b40b1b2e13183b0d79b8fa5a5b1fb0a10f9e1170b6336f10111a067d0f903c09c8e95252892e0c03f934d0a609bd91703a16dc9b7c319e1538a278ec383cdd7731f48df3c6413491282913f476014e9fe80a7cac323df306c3d8ec782b18769744f2e382687e84403fd3ad564155884c5558adfb1104d61165d2347e97af0ec26637ef7e1212fd5aa680b5a7b1ece4adea6557f62f0822dfe1e5a93f2c4ae4509645e9016096ed7b94e65712b6ca303aa272ed292ab5da125598b6fe274744f28c486c5c74aca99e653a1c49b8a3cec0d434af239089c26ee0777dd3ec0bd3d2369db2e4e90a8674f3a3ec26ec47b5aa813629207de0c6e1f456d5820687b160c8fe0552345305278a37dc665572dd3cf5a86cba7a41b17d0389547722e9a9cec5e3039eb211d6db97efe8bd5a6703837fd521d0bb86c09fdf39ef7889600dc84d092794045087af422e81a57e9887a3a40fa78afa3be109e42b0513649b17e934d1f00b195afa259d3be437c2170b0f92df4b7214219ab4e761f1f5c3a076672d0b3a7ed5f9b9540d54adb68348ee96bcd01a450c5aea5dbb30092cc7b26aecbc7d09f9faffff31c300870a
#%NASL_MIN_LEVEL 80900

#
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

if (description)
{
  script_id(298387);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/04/13");

  script_name(english:"Shor's Harvest Now Decrypt Later");

  script_set_attribute(attribute:"synopsis", value:
"Reports remote services potentially vulnerable to Shor's Algorithm.");
  script_set_attribute(attribute:"description", value:
"This plugin reports network services that may be vulnerable now to
a future attack by adversaries using a cryptographically relevant
quantum computer (CRQC). Shor's is a theoretical algorithm that
leverages the unique ability of quantum computation to do massively
parallel calculations developed by Peter Shor in 1994.

This algorithm easily computes two classically difficult mathematical
problems used in modern cryptography; discrete logarithms, and
factoring numbers formed by multiplying large primes.  Shor's reduces
both of these problems from taking exponential time in chosen cases
to being solvable in polynomial time.

Asymmetric encryption algorithms such as RSA, Diffie-Hellman and
Elliptic Curve Diffie-Hellman are impacted by Shor's Algorithm.  The
most common uses of these algorithms are in symmetric key
establishment and authentication.  These uses render Shor's
Algorithm particularly dangerous because it may give an adversary the
ability to harvest network communications now, and in the future,
when a CRQC becomes available, extract the symmetric key and decrypt
the communication.");

  script_set_attribute(attribute:"solution", value:"
Replace affected ciphers with algorithms chosen to resist CRQC attack.");
  script_set_attribute(attribute:"risk_factor", value:"None");
  # https://pages.nist.gov/nccoe-migration-post-quantum-cryptography/FAQ/index.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?54fba2c1");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/02/09");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"General");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_supported_algorithms.nasl", "tls_supported_groups.nasl", "ssl_supported_ciphers.nasl");
  script_require_ports("SSL/Supported", "TLS/supported_groups", "SSH/server_algos", "TLS/supported_groups");
  exit(0);
}

include("structured_data.inc");
include("ssl_funcs.inc");

if(!get_kb_item("SSL/Supported") && !get_kb_item("TLS/supported_groups") && !get_kb_item("SSH/server_algos"))
  exit(1, "None of the required KBs are set.");

function tls_kex_affected_by_shors(kex_algo)
{
  if("DH" >< kex_algo || "RSA" >< kex_algo)
    return true;
  return false;
}

function ssh_kex_affected_by_shors(kex_algo)
{
  if("diffie-hellman" >< kex_algo || "ecdh" >< kex_algo || "curve25519" >< kex_algo)
    return true;
  return false;
}

function report_cipher(port, proto, cipher, &report_ciphers)
{
  if(!isnull(report_ciphers) && !isnull(port) && !isnull(proto) && !isnull(cipher))
  {
    var key = strcat(proto, ":", port);
    var clist = report_ciphers[key];

    if(isnull(clist))
      clist = {};

    clist[cipher] = 1;
    report_ciphers[key] = clist;
  }
}

var report_ciphers = {};

# TLS
var supported_group, supported_groups, info, key_exchange, port;
var cipher_groups, group, cg_text, g_count, cipher;
var ports = {};
var kb, kb_cipher, s;
var kb_ciphers = get_kb_list("SSL/Ciphers/*");
for(kb in kb_ciphers)
{
  port = kb - "SSL/Ciphers/";
  ports[port] = 1;
}

for(port in ports)
{
  kb_ciphers = get_kb_list("SSL/Ciphers/" + port);
  for(kb_cipher of kb_ciphers)
  {
    supported_groups = get_kb_list("TLS/supported_groups/" + port + "/*/" + kb_cipher);

    info = split(ciphers_desc[kb_cipher], sep:'|', keep:FALSE);
    cipher = ereg_replace(string:kb_cipher, pattern:"^(TLS)\d+(.*$)", replace:"\1\2");

    if(!empty_or_null(ref:supported_groups))
    {
      cipher_groups = [];
      for(supported_group of supported_groups)
      {
        key_exchange = info[2];
        if(info[2] == "-")
        {
          if("ffdhe" >< supported_group)
            key_exchange = "DHE";
          else
            key_exchange = "ECDHE";
        }

        if(!is_pqc_group(group:supported_group) && tls_kex_affected_by_shors(kex_algo:key_exchange))
          append_element(var:cipher_groups, value:supported_group);
      }
      if(!empty(ref:cipher_groups))
      {
        cg_text = "";
        g_count = 0;
        s = "";

        foreach group(cipher_groups)
        {
          if(g_count == 1)
            cg_text = strcat(" or ", cg_text);
          else if(g_count > 1)
            cg_text = strcat(", ", cg_text);

          cg_text = strcat(group, cg_text);
          g_count++;
        }

        if(g_count > 1)
          s = "s";

        cg_text = strcat(cipher, " with curve" + s + ': \n\t\t', cg_text);

        report_cipher(port:port, proto:"TLS", cipher:cg_text, report_ciphers:report_ciphers);
      }
    }
    else
    {
      if(tls_kex_affected_by_shors(kex_algo:info[2]))
        report_cipher(port:port, proto:"TLS", cipher:cipher, report_ciphers:report_ciphers);
    }
  }
}

# SSH
var ciphers;
kb_ciphers = get_kb_list("SSH/*/kex_algorithms/kex_recv_namelists");
for(kb in kb_ciphers)
{
  port = preg_replace(string:kb, pattern:"^SSH/(\d+)/.*$", replace:"\1");
  ciphers = split(kb_ciphers[kb], sep:",", keep:false);
  for(cipher of ciphers)
  {
    if(ssh_kex_affected_by_shors(kex_algo:cipher))
      report_cipher(port:port, proto:"SSH", cipher:cipher, report_ciphers:report_ciphers);
  }
}

if(empty_or_null(ref:report_ciphers))
  audit(AUDIT_HOST_NOT, "vulnerable to Shor's algorithm.");

var pp, proto, p_and_p;
var report = "";
for(p_and_p in report_ciphers)
{
  pp = split(p_and_p, sep:':', keep:false);
  proto = pp[0];
  port = pp[1];
  ciphers = report_ciphers[p_and_p];

  report += 'The ' + proto + ' service on port ' + port;
  report += " offers these ciphers vulnerable to Shor's:" + '\n';

  for(cipher in ciphers)
    report += '\t' + cipher + '\n';

  report += '\n';
}

security_report_v4(port:0, severity:SECURITY_NOTE, extra:report);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation