[theandrewbailey]

HN doesn't handle super-secure data, outside of email addresses and passwords (which should not be re-used elsewhere). I'm skeptical that HN would benefit much from using post-quantum crypto, over using current recommendations like https://ssl-config.mozilla.org/#server=nginx&version=1.27.3&...

That said, HN could use an update in configuration (disable TLS 1.0 and 1.1 and CBC ciphers, enable TLS 1.3): https://www.ssllabs.com/ssltest/analyze.html?d=news.ycombina...

I get it, new crypto algorithms are cool, but these just aren't widely implemented in browsers or servers yet, and we're still several years out from a quantum computer breaking 2048 bit RSA or 256 bit ECDSA.

[Azerty9999]

I just asked the question because I wonder if getting more responsive/agile to security protocol updates should become more of a norm. Why not start as an example of that here if it doesn't take much cost/time/effort? For whatever reason it doesn't seem like just security theater. NIST, Google, Apple, and others seem to be taking this admittedly unknown threat seriously. It's good to balance skepticism with curiosity here I think (the podcast episode below agrees). The certainty of this happening anytime soon is publicly unknown of course, but if in the rare chance it happens, even within a decade or two, the consequences could be serious. Apparently it was Richard Feynman, perhaps amongst others who raised the question regarding quantum computers according to this interesting Google podcast. During the podcast a host reportedly with an apparent PhD in Quantum Mechanics started to take it more seriously.. Thank you for your thoughtful response! https://cloud.withgoogle.com/cloudsecurity/podcast/ep164-qua...