Two papers came out last week that suggest classical asymmetric cryptography might indeed be broken by quantum computers in just a few years.

That means we need to ship post-quantum crypto now, with the tools we have: ML-KEM and ML-DSA. I didn't think PQ auth was so urgent until recently.

https://words.filippo.io/crqc-timeline/

A Cryptography Engineer’s Perspective on Quantum Computing Timelines

The risk that cryptographically-relevant quantum computers materialize within the next few years is now high enough to be dispositive, unfortunately.

@filippo you mentioned that file encryption is particularly vulnerable to store-now-decrypt-later – do I understand correctly that e.g. an old passage database which uses pre-quantum recipients is vulnerable if the encrypted files are leaked or compromised?

the mitigation here would be to migrate to a new passage db using *only* post-quantum-proof recipients *and then also* rotate all the passwords in the database, right?

@timezone I'm afraid so, yes. (With the asterisk that the attacker also needs the public key to use a QC.)