Sophie Schmieg23h ago

A very nice explainer why "if you're so worried about quantum computers, why haven't they factored 21 yet?" isn't a very convincing argument. Look at the labels of the graph, and how extremely close the various lines are for factoring 21 and 2048 bit numbers. Polynomial scaling remains polynomial, unfortunately, and by the time you can factor 21 you're almost ready to break RSA.

https://bas.westerbaan.name/notes/2026/04/02/factoring.html

Factoring is not a good benchmark to track Q-day

Homepage of dr. Bas Westerbaan, principal research engineer at Cloudflare, working on making the Internet post-quantum secure

Show threadSerge Droz

@sophieschmieg This articlae say, you shouldn't take factoring as a good metric to measure progress, fair enough, but then you argue, in fact it's gonna be very soon we can factor. Isn't this a contradiction? THis is not a snarky remark. Personally I think QC is a risk, like there are many others. But I think there are biger, known risks.

And the store now decrypt later stuff I think is non-sense. Storing everything is not feasible, storing select stuff means you have a problem now, because some one ass already access to select important stuff. That boils down to a quote from Adi Shamir: NSA is not a crypto breaking agency, it's a crypto evading agency,

7:22amWeb