As of 2026-03-02, the state of the art in quantum decryption has cracked a:

  • 22-bit RSA key
  • 6-bit elliptic curve key

https://forklog.com/en/quantum-computer-cracks-tiny-cryptographic-key

The IBM QC that cracked the 6-bit key uses 133 qubits.

Some new research suggests that RSA-2048 could be cracked with as "few" as 100,000 qubits.

https://www.newscientist.com/article/2516404-breaking-encryption-with-a-quantum-computer-just-got-10-times-easier/

(Paywall-free)

Such a machine...is not feasible to build any time soon.

So when your CISO or a vendor starts going off about "post-quantum" security, feel free to use this to remind them that we still have SMB1 in some places and Telnet in others. Plenty of work to do around the house.


@mttaggart

Oh wow, this topic

I think there are so many angles here (this could make a fun podcast discussion)

So I think there's the angle of nobody talks about or publishes about what I'll call "boring stuff". Fixing SMB1 and telnet is boring

So new ideas and research get all the attention. As many old timers know, 99% of these new ideas and research go absolutely nowhere

Thanks to this noise factory, there's nobody talking about the boring stuff (even though I think there should be)

So how do you get attention in this constant noise?

And even the leaders who know better will play the game because movie plot threats will get you more budget than the boring stuff will

@joshbressers @mttaggart well partially the problem is that fixing SMB1 being out does not require "paying people to work on SMB1". It requires understanding *who* uses it, *why* and *to do what* in *which circumstances*. And then realizing that this is not considered a market with enough money to really matter.

@joshbressers @mttaggart Here is usually my point on this kind of stuff. My mom has a dental clinic. She is the only dentist there, 2 employees, not a big thing. She has 4 computers in there, a lot of data and all. Map out her needs, like her actual needs, if we wanted to build her a reliable, secure and backed-up system. How much can she do herself? Do the products even *exist* (spoiler: no). If she cannot, can a local IT tech do it in a reasonable budget?

If not, then, well, nearly all SMBs are fucked and will use whatever has been easy to install by default.

@joshbressers @mttaggart And like, I am not joking about wanting that exercise to be done. I think it should be a mandatory thing to do for the industry every year. Like something an industry-wide body should do and publish, as in "reference implementation" but also score how easy it is to do. And if it is not, what is needed, where are the missing bits, etc.

*that* would be strategic thinking.

@Di4na @joshbressers @mttaggart dental clinic software is a great example, especially if they're running Eaglesoft or one of the other popular dental office suites. it's been >10 years since I had to touch it but even that long ago Eaglesoft depended on SMB1 to function properly in a "distributed" config. some of the clinics we picked up had their guest wireless putting clients on the same network as their lovely unsecured SMB1 server with zero firewalling 🙃

@astraleureka @joshbressers @mttaggart we are in france, so slightly different, but yeaaaaah.

It is a good example of a small company, with limited resources but still relatively high income and important data to secure.