@sawaba @GossiTheDog but just in case you don't like watching my YouTube talks, here is the TLDR as to why you might need to care (not everybody has to care, figuring out who does is part of the difficulty):
a) whether or not you believe the hype about quantum computers, regulatory pressure puts a hard deadline on the migration for 2035. That's ten years. For encryption in transit you have store-now-decrypt-later, which might incentivise you to move faster, although that is somewhat overhyped, as forward secrecy acts as a form of "quantum annoyance"; it depends on how highly you value the long-term confidentiality of your data.
b) PQC algorithms are not easy drop-in replacements. They are much, much larger than their classical counterparts, leading to quite a few use cases outright breaking (as the aforementioned WebPKI). Some of these are extremely difficult to migrate as a whole (again, as the aforementioned WebPKI), making 10 years not much time.
Sophie Schmieg (sophieschmieg@infosec.exchange)'s status on Saturday, 29-Mar-2025 23:35:39 JST