| ▲ | bradley13 2 days ago |
| This is true, practical quantum computing is always "just a couple of years away". At the same time, moving to more secure encryption really isn't difficult. How many times have algorithms been deprecated over the past 20 or so years? It's time to do it again. Let's just make sure that the NSA hasn't worked in any backdoors. At latest since Snowdon, anything they work on is suspect. |
|
| ▲ | Tyyps 2 days ago | parent | next [-] |
| There is no clear evidence that the risk of "a practical post quantum computer would arrive in the next 5 years" is greater than "post quantum scheme X is broken" for any scheme X. The only way to go is hybridation and it is quite hard from an engineering point apparently. |
| |
| ▲ | tardedmeme 2 days ago | parent [-] | | There is evidence of the opposite: graph singular isogeny mumbo jumbo algorithm was proven to be easily broken on an ordinary computer. Hybrid encryption is as simple as running one encryption and then the other. Problem is mostly that post quantum keys are large. | | |
| ▲ | i_think_so 2 days ago | parent [-] | | Am I missing something fundamental here? If Algo-A and Algo-B both rely on "factoring big numbers is hard!" then once the Quantumpocalypse occurs, breaking Algo-B(Algo-A(plaintext)) is no harder than asking ChatGPT 99.5 to add an extra step in your vibe coded cracking engine's frontend, such that it now does B_breaker < cyphertext | A_breaker >> plaintext.lol or whatever the equivalent is for the fashionable language of the that future day. | | |
| ▲ | voxic11 2 days ago | parent | next [-] | | He was saying hybrid encryption as in use both a well established classical "factoring big numbers is hard!" algo and also a fancy new post quantum cryptography algo. That way if it turns out the fancy new algo can be broken by non-quantum computers at least you aren't in a worse position than you were in before because you are still protected by the well established classical algo. | |
| ▲ | tardedmeme 2 days ago | parent | prev [-] | | You have to break both algorithms. One of them is quantum-safe if it's secure, but it could also be completely insecure like supersingular isogeny was. |
|
|
|
|
| ▲ | ipython 2 days ago | parent | prev | next [-] |
| I hard disagree with your assertion that moving to more secure encryption isn't difficult. It is insanely difficult, especially at global scale. |
|
| ▲ | AshamedCaptain 2 days ago | parent | prev | next [-] |
| And in the process immediately convert huge numbers of devices into ewaste. Then check the excuse calendar again for tomorrow's reason to deprecate yet another batch of "legacy" ciphers from openSSL. |
| |
| ▲ | FartyMcFarter 2 days ago | parent [-] | | The sooner we start making devices ready for better encryption systems, the fewer devices will be wasted. | | |
| ▲ | AshamedCaptain a day ago | parent [-] | | No, because there always are "better encryption systems", whether for good reasons or not that's another story. |
|
|
|
| ▲ | bwesterb 2 days ago | parent | prev [-] |
| It'll be a 90/10 rule: 90% of the upgrades will be straightforward. It's important the 10% that'll be hard early. For many it's probably already too late. |
