Sophie SchmiegObjects in the quantum mirror are closer than they appear.
https://blog.google/innovation-and-ai/technology/safety-security/cryptography-migration-timeline/
RootWyrm 🇺🇦
@sophieschmieg this is more ginning up the quantum grift as fast as they possibly can, seeing that the AI bubble is about to pop.
(The possibility of a real quantum system with any hope of repeatedly cracking RSA4096 or better in a reasonable time span by 2029 remains approximately nil.)
(The possibility of a real quantum system with any hope of repeatedly cracking RSA4096 or better in a reasonable time span by 2029 remains approximately nil.)
پویان Pouyan @rootwyrm to be honest, I think q-day, and quantum panic in general, is a real good opportunity to inventory cryptographic assets and make sure that everything is up to date.
If a CRQC (cryptographically relevant quantum computer) will ever exist, is secondary. I know big companies who still use default algs 3DES and RC2 for #pkcs12 because it's default in bouncy castle.
@sophieschmieg
If a CRQC (cryptographically relevant quantum computer) will ever exist, is secondary. I know big companies who still use default algs 3DES and RC2 for #pkcs12 because it's default in bouncy castle.
@sophieschmieg
@i @sophieschmieg oh, don't get me wrong, getting rid of terrible cryptography is a noble and important goal.
Using scaremongering and vaporware to drum up support for your next grift, not the way to do it. We've seen this idiotic song and dance before, screaming about how supercomputers would crack it any day now.
The RSA Factorization Challenge launched in '91. RSA110 took months. RSA160 and 576 took 13 years. 768's the largest ever achieved; even 1024 still hasn't been done 35 years on.
@rootwyrm I’m totally with you on that. I was in charge of a PQC-migration (170k budget) at mid-sized (300 people) company. And the very first thing I did was to write a comprehensive article in our internal wiki to make it clear, that I don’t think CRQCs are feasible.
However, the money provided me with the resources necessary to determine what the developers are doing and eliminate poor cryptographic practices. So, if people want to pay me to reassure them that we are PQC-safe, then that’s fine by me!
Stijn van Drongelen@i @sophieschmieg @rootwyrm ISO/IEC 27002:2022 had a chance to include not only key management but also cryptographic agility in 8.24, and then just... didn't. ISO disappoints once again.
@stiiin I can imagine that crypto agility an unfulfillable requirement for many companies. Especially if you are implementing protocols that don’t cater for crypto agility.
Elle@rootwyrm @sophieschmieg I have been on point with the next-big-thing prediction since the blockchain (or cloud, or big data, whichever was first). I'd hate to be correct again with quantum, but it seems I'm 'cursed' with market prediction power loool
@hostia @sophieschmieg oh, you're not alone there. I've been warning that the next grift is already running and it's quantum + aneutronic cold fusion.
It's not at all coincidence that the 'AI' dudes who were all cryptobros are also deeply involved in both.
But don't worry. When ChatGPT becomes a superintelligent god, it will solve all those pesky physics problems for them.