@feistyduck In your last newsletter you wrote:

> (...) Second, a lot of encryption has to survive for decades, and some believe that a working quantum computer is a couple of decades away. Thus, if you’re protecting serious secrets, you want to start using PQC now (...)

Not being a cryptographer, I'm wondering the following: decades-long storage seems to me to imply documents, usually encrypted with something like AES. That's not affected by QC, right?

So what am I missing?
1/2

@feistyduck
Sorry for the terseness, this instance has a character limit.

I did read the part about "This is especially true for key agreement", but my original question still stands:

If I understand correctly, symmetric encryption is not (yet) affected by quantum computers. So this paragraph still doesn't really make sense to me.

I assume I misunderstand something, hence this question.

2/2

@jacobk The attack is this: I capture your network traffic today, even though I can't break it, but I wait until quantum computers are feasible. Then I break the key exchange, which in turn gives me the symmetric encryption keys. This is called "store now, decrypt later".

@jacobk So, yes, you don't attack symmetric encryption (which is not expected to be significantly impacted, especially if you ramp it up to 256 bits now). You attack the key exchange.

@jacobk Store now, decrypt later is not new. We're talking about quantum computers now because everybody is using forward secrecy.

Back in the day when everybody used the RSA key exchange, you could store someone's network traffic, later break into their server and get their server's private key, then decrypt retroactively.

IIRC, something like that happened to Lavabit a decade ago.
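An added example, not from either poster, that models the attack described above in Python: a recorded session consists only of the key-exchange public values plus ciphertext, so whoever can later solve the key exchange gets the symmetric key for free. It assumes a constructed toy Diffie-Hellman group (a 17-bit prime) and a SHA-256 keystream standing in for AES, so that a brute-force discrete log can play the role of the future quantum break.

```python
import hashlib
from dataclasses import dataclass

# Constructed toy group: small enough that the "future break" can be a brute-force
# discrete log. Real groups are huge and the break would be Shor's algorithm.
P = 65537  # toy modulus, NOT secure
G = 3      # generator of the multiplicative group mod P


def derive_key(shared_secret: int) -> bytes:
    """Symmetric key from the DH shared secret (simplified HKDF-style step)."""
    return hashlib.sha256(b"toy-kdf" + shared_secret.to_bytes(4, "big")).digest()


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher: SHA-256 in counter mode XORed with data (stands in for AES)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
        out += bytes(d ^ k for d, k in zip(data[i:i + 32], block))
    return bytes(out)


@dataclass
class Recording:
    """Everything a passive eavesdropper can store: public values and ciphertext."""
    A: int
    B: int
    nonce: bytes
    ciphertext: bytes


def run_session(a_priv: int, b_priv: int, nonce: bytes, plaintext: bytes) -> Recording:
    """Ephemeral DH key agreement, then symmetric encryption under the derived key."""
    A = pow(G, a_priv, P)
    B = pow(G, b_priv, P)
    key = derive_key(pow(B, a_priv, P))          # both sides derive the same key
    assert key == derive_key(pow(A, b_priv, P))
    return Recording(A, B, nonce, keystream_xor(key, nonce, plaintext))


def break_discrete_log(public: int) -> int:
    """Stand-in for the future quantum attack: recover an exponent for a public value."""
    return next(x for x in range(1, P) if pow(G, x, P) == public)


def decrypt_later(rec: Recording) -> bytes:
    """Store now, decrypt later: solve the key exchange from the recording, then decrypt.
    Note the symmetric cipher itself is never attacked; its key is simply re-derived."""
    a_priv = break_discrete_log(rec.A)
    key = derive_key(pow(rec.B, a_priv, P))
    return keystream_xor(key, rec.nonce, rec.ciphertext)
```

The mitigation the newsletter points at is to make the recorded key exchange unsolvable later (a post-quantum or hybrid KEM), not to change the symmetric cipher.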

@feistyduck Thanks for the thorough explanation.

"Store now, decrypt later" wasn't really on my radar yet. That's an interesting attack vector.

One learns something new every day!