This looks like shifting the goal posts after realizing that they can't reach the quantum computer. Any 5 years now. Just like fusion, just like AGI, just like self-driving and colonizing Mars any day now. Show me a practically working one. Show me its build method's scalability. Show me that your machine can do anything more than a few very narrow use-case problem-solving tasks. Haven't seen any proof yet. Until you do the homework, not gonna believe one non-quantum bit of your claims, regardless of your size. It cea
They are hallucinating hard. The current actual quantum factorization is not even 35 (that attempt failed, overview in https://eprint.iacr.org/2025/1... [iacr.org]).
While crypto-agility is a good idea, there is no threat from Quantum "Computing" and there may never be one.
The public/private key can be big and slow, as it's only used during the initial handshaking and login anyway. I'm not going to notice an extra couple of tenths of a second logging in.
After that everything is (much much faster) symmetric encryption.
You still need a PQC algorithm here too, though. AES-256 is still considered quantum-resistant, for now, at least, so we're good.
Quantum hardware may never be up to the task. They cannot even factorize 35 at this time (https://eprint.iacr.org/2025/1237). The whole thing is a mirage and a bad idea that refuses to die.
Incidentally, even if they ever become able to do tasks of meaningful size, QCs are completely unsuitable for reversing hashes and that is what cracking passwords needs.
No idea. But what we have in "post quantum" crypto is all laughably weak against conventional attacks and laughably unverified. We have had finalists of competitions broken with low effort (one laptop) and the like. Moving to these algorithms is an excessively bad idea.