Quantum frontiers may be closer than they appear

An overview of how Google is accelerating its timeline for post-quantum cryptography migration.

Google

@sophieschmieg this is more ginning up the quantum grift as fast as they possibly can, seeing that the AI bubble is about to pop.
(The possibility of a real quantum system with any hope of repeatedly cracking RSA4096 or better in a reasonable time span by 2029 remains approximately nil.)

@rootwyrm to be honest, I think q-day, and quantum panic in general, is a really good opportunity to inventory cryptographic assets and make sure that everything is up to date.

Whether a CRQC (cryptographically relevant quantum computer) will ever exist is secondary. I know big companies who still use the default algs 3DES and RC2 for #pkcs12 because it's the default in Bouncy Castle.

@sophieschmieg

@i @sophieschmieg oh, don't get me wrong, getting rid of terrible cryptography is a noble and important goal.

Using scaremongering and vaporware to drum up support for your next grift, not the way to do it. We've seen this idiotic song and dance before, screaming about how supercomputers would crack it any day now.

The RSA Factorization Challenge launched in '91. RSA110 took months. RSA160 and 576 took 13 years. 768's the largest ever achieved; even 1024 still hasn't been done 35 years on.

@rootwyrm I’m totally with you on that. I was in charge of a PQC migration (170k budget) at a mid-sized (300 people) company. And the very first thing I did was to write a comprehensive article in our internal wiki to make it clear that I don’t think CRQCs are feasible.

However, the money provided me with the resources necessary to determine what the developers are doing and eliminate poor cryptographic practices. So, if people want to pay me to reassure them that we are PQC-safe, then that’s fine by me!

@sophieschmieg