[Cryptography] quantum computers & crypto

Joshua Marpet Joshua.Marpet at guardedrisk.com
Thu Oct 28 10:02:17 EDT 2021


Not a comment on the engineering aspects, but the social aspects here. I
literally just (yesterday) had a conversation with a financial institution
about this. They have a firm that does periodical updates to them of
"what's coming", and they were told that in 2022, they better have budget
for quantum decryption defense. Otherwise, they're behind the curve!!

I straight up facepalmed, and gave them my best understanding of the whole
picture. I told them until NIST finishes with at least the third round of
Post Quantum Cryptography (PQC) algorithms, don't freak out. We went over
IBM, D-Wave, et al. I explained their priority should be much more focused
on ransomware, rather than PQC, for at least the next year or so. In about
three years, absolutely, take the pulse of the  market. See if your
certificate automation vendors are offering PQC validated algorithms as a
module for your certificate and key management systems. If so, and if other
financial institutions are using them, hey, maybe it's time to explore!!

But use the market. Vendors will not hesitate to use a new buzzword
(QUANTUM!!!!!) to sell their stuff. Until they do? Nothing to worry about.
(because you can't worry about it anyways, unless you're JPMC or BOA).

Once they do? Then it's time to explore, calmly, without FUD.  (I told them
to fire that vendor, or at least to express their dissatisfaction at
patently being upsold a line of crap.)

Weirdly enough, last night, on Paul's Security Weekly, we interviewed a
writer for KnowBe4, who claimed that Quantum Decryption was already
happening for probably china and the NSA. I was polite!!! (Tamzen, I swear
I was!) :)  But yeah, I pushed back a bit.

Effectively, Quantum is really starting to rear its ugly head as a
marketing and the new FUD. Just be careful what you say, it may (will) get
taken out of context.

<stepping off soapbox>

Joshua Marpet
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.metzdowd.com/pipermail/cryptography/attachments/20211028/8bf25922/attachment.htm>


More information about the cryptography mailing list