Filippo Valsorda6h ago

Two papers came out last week that suggest classical asymmetric cryptography might indeed be broken by quantum computers in just a few years.

That means we need to ship post-quantum crypto now, with the tools we have: ML-KEM and ML-DSA. I didn't think PQ auth was so urgent until recently.

https://words.filippo.io/crqc-timeline/

A Cryptography Engineer’s Perspective on Quantum Computing Timelines

The risk that cryptographically-relevant quantum computers materialize within the next few years is now high enough to be dispositive, unfortunately.

Show threadClemens2h ago
@filippo Couldn't agree more with "the bet is 'are you 100% sure a CRQC will NOT exist in 2030?'" — and I'd also add the operational perspective: "are you 100% sure you've found and replaced every Debian oldoldstable and RHEL 8 box that doesn't support PQC by 2030?"
Show threadFilippo Valsorda
@neverpanic oh Debian oldstable is not gonna make it. stable might not make it! I have a secret, over-optimistic wish that this will kill the "constantly run software 3-5 years out of date" model of distribution, and free us upstreams from having to deal with its fallout, but I know it won't.
7:44pmWeb