Today’s encrypted data, such as credentials, may no longer remain confidential in the future because the public-key cryptography protecting it will soon be broken by quantum computers. Although no machine today can break elliptic curve cryptography or RSA, quantum hardware is advancing rapidly and will inevitably change how organizations protect their data. Attackers can capture ciphertext and credentials now, store them, and decrypt them as soon as quantum computing catches up.
How urgent is quantum-resistant cryptography?
The Global Risk Institute’s 2025 Quantum Threat Timeline report shows that surveyed security specialists believe a cryptographically relevant quantum computer is likely to be available within 15 years, with 51-70% indicating so. The threat dates back to 1994, when Peter Shor proved that a powerful quantum computer could efficiently factor large numbers and compute discrete logarithms. However, Shor’s algorithm applies to public-key cryptography, posing no meaningful threat to symmetric encryption like AES-256 or modern hashing. This distinction matters because public-key cryptography is what two systems use to establish trust and agree on the keys that protect their data. If a quantum computer can break that step, the attacker can unlock the protected data and credentials behind it.
What makes the quantum threat relevant today, rather than solely in the future, is a tactic known as Harvest Now, Decrypt Later, in which an attacker captures encrypted traffic today, stores it, then decrypts it when a quantum computer is available. With a capable quantum computer plausibly available within 15 years, any data intercepted and harvested today should be treated as data already exposed.
Q-day deadlines
Even though it’s unclear exactly when a quantum computer will arrive, government agencies are setting deadlines around the milestone known as Q-day for when cryptography must change. NSA’s Commercial National Security Algorithm Suite 2.0 will require new national security systems to support quantum-resistant algorithms starting January 1, 2027. While deadlines are staggered for various system categories throughout the early 2030s, the NSA hopes to make all national security systems quantum-resistant by 2035. NIST is moving on a parallel track with its draft IR 8547, which deprecates RSA-2048 and ECC P-256 after 2030 and disallows them entirely after 2035. These dates may seem far away, but a full enterprise transition could take 5 to 15 years, since the discovery phase alone can take 1 to 2 years in large enterprises.
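The triage sketch below is an added example, not code from the article or from any agency. It applies the Harvest Now, Decrypt Later reasoning and the IR 8547 dates quoted above to a constructed inventory; the asset names, confidentiality lifetimes and the assumed quantum-computer arrival year (15 years after 2025) are assumptions for illustration.

```python
from dataclasses import dataclass

# Dates the article attributes to NIST draft IR 8547 for RSA-2048 and ECC P-256.
# Applying them to every Shor-vulnerable algorithm is this example's assumption.
DEPRECATED_AFTER, DISALLOWED_AFTER = 2030, 2035
# Public-key families broken by Shor's algorithm (factoring, discrete logs).
SHOR_VULNERABLE = ("RSA", "ECC", "ECDH", "ECDSA", "DH")


@dataclass
class Asset:
    name: str            # constructed label
    key_algorithm: str   # algorithm that establishes or protects the key
    secret_years: int    # how long the protected data must stay confidential


def is_shor_vulnerable(algorithm: str) -> bool:
    return algorithm.upper().startswith(SHOR_VULNERABLE)


def policy_status(algorithm: str, year: int) -> str:
    if not is_shor_vulnerable(algorithm):
        return "not affected"      # e.g. AES-256, modern hashes
    if year > DISALLOWED_AFTER:
        return "disallowed"
    if year > DEPRECATED_AFTER:
        return "deprecated"
    return "allowed"


def hndl_exposed(asset: Asset, capture_year: int, assumed_crqc_year: int) -> bool:
    """True if traffic captured in capture_year is still sensitive when an
    assumed cryptographically relevant quantum computer can decrypt it."""
    still_sensitive_until = capture_year + asset.secret_years
    return is_shor_vulnerable(asset.key_algorithm) and still_sensitive_until > assumed_crqc_year


def triage(inventory, capture_year, assumed_crqc_year):
    return [(a.name, policy_status(a.key_algorithm, capture_year),
             hndl_exposed(a, capture_year, assumed_crqc_year)) for a in inventory]


# Constructed inventory; lifetimes are illustrative, not from the article.
INVENTORY = [
    Asset("vault-credentials", "RSA-2048", 20),
    Asset("session-token", "ECDH-P256", 1),
    Asset("backup-archive", "AES-256", 30),
]

if __name__ == "__main__":
    for row in triage(INVENTORY, capture_year=2025, assumed_crqc_year=2040):
        print(row)
```

An asset can be "allowed" under the policy dates and still be exposed to harvesting, which is why the two checks are reported separately.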
Why credentials carry major risk in a post-quantum future
Not all encrypted data within an organization carries the same risk when the cryptography protecting it eventually becomes obsolete. Most secrets, like session tokens, have a confidentiality lifetime measured in months; credentials may persist for years or as long as…
