[bradley13]

This is true, practical quantum computing is always "just a couple of years away".

At the same time, moving to more secure encryption really isn't difficult. How many times have algorithms been deprecated over the past 20 or so years? It's time to do it again.

Let's just make sure that the NSA hasn't worked in any backdoors. At latest since Snowdon, anything they work on is suspect.

[Tyyps]

There is no clear evidence that the risk of "a practical post quantum computer would arrive in the next 5 years" is greater than "post quantum scheme X is broken" for any scheme X. The only way to go is hybridation and it is quite hard from an engineering point apparently.

[tardedmeme]

There is evidence of the opposite: graph singular isogeny mumbo jumbo algorithm was proven to be easily broken on an ordinary computer.

Hybrid encryption is as simple as running one encryption and then the other. Problem is mostly that post quantum keys are large.

[i_think_so]

Am I missing something fundamental here?

If Algo-A and Algo-B both rely on "factoring big numbers is hard!" then once the Quantumpocalypse occurs, breaking Algo-B(Algo-A(plaintext)) is no harder than asking ChatGPT 99.5 to add an extra step in your vibe coded cracking engine's frontend, such that it now does B_breaker < cyphertext | A_breaker >> plaintext.lol or whatever the equivalent is for the fashionable language of the that future day.

[voxic11]

He was saying hybrid encryption as in use both a well established classical "factoring big numbers is hard!" algo and also a fancy new post quantum cryptography algo. That way if it turns out the fancy new algo can be broken by non-quantum computers at least you aren't in a worse position than you were in before because you are still protected by the well established classical algo.

[tardedmeme]

You have to break both algorithms. One of them is quantum-safe if it's secure, but it could also be completely insecure like supersingular isogeny was.

[ipython]

I hard disagree with your assertion that moving to more secure encryption isn't difficult. It is insanely difficult, especially at global scale.

[AshamedCaptain]

And in the process immediately convert huge numbers of devices into ewaste. Then check the excuse calendar again for tomorrow's reason to deprecate yet another batch of "legacy" ciphers from openSSL.

[FartyMcFarter]

The sooner we start making devices ready for better encryption systems, the fewer devices will be wasted.

[AshamedCaptain]

No, because there always are "better encryption systems", whether for good reasons or not that's another story.

[FartyMcFarter]

It's not another story, the quality of the reasons for scrapping / upgrading devices is the most important thing here.

If the reasons are "the current devices are insecure or likely to become insecure" that's very different from "the new encryption system is a little bit better so there's not much point in upgrading".

If quantum computing never becomes a practical thing, the current hardware and software will stay secure. If it becomes practical, they won't. Seems simple enough.

[bwesterb]

It'll be a 90/10 rule: 90% of the upgrades will be straightforward. It's important the 10% that'll be hard early. For many it's probably already too late.