this post was submitted on 04 Dec 2023
Technology
Post quantum cryptography is under development and is slowly being introduced in order to evaluate it / prevent store-and-decrypt-later attacks... But this is generally in more niche applications. SSH recently adopted post-quantum cryptography for key exchange, but it uses a hybrid approach with traditional cryptography in case the post-quantum stuff proves to be not as strong as we think... Signal is experimenting with post-quantum stuff as well. As far as I know, though, post-quantum cryptography hasn't seen wide deployment, and I don't think any of it is used with HTTPS yet (certainly not commonly, anyway).

Depending on what you care about this could be a problem. If you just care that nobody else can authenticate as you, then yeah, once everything is moved over to post-quantum stuff you can just change all your passwords and hopefully you'll be good... If you care that the data is private then this is a big problem, and in theory somebody could scrape all of the messages you've sent and the contents of everything that you've done on the web (probably government agencies and not normal people, but maybe this information later gets leaked to the public too). This could also be a problem for authentication, for instance if you've ever logged into your bank account you've probably seen your routing numbers which somebody could take and use to transfer money, in theory.
It's also worth noting that, as far as I know, we don't actually know for certain that the post-quantum cryptography we've developed is secure. I think all we know is that it isn't vulnerable to Shor's algorithm, but there could be other exploits we don't know about. This is of course also true for all of the cryptography we use today too. We don't actually know how hard factoring into prime numbers is, for instance, but these algorithms have been in use for a long time and have been under a lot of scrutiny so we have more confidence in them.
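The hybrid key exchange the comment above refers to, as an added example that is not part of the original thread and not OpenSSH's or Signal's code: the classical leg is X25519 implemented from the RFC 7748 ladder in pure Python, the post-quantum leg is a constructed, deliberately insecure placeholder standing in for sntrup761 (only the plumbing matters here), and the combiner has the same shape as OpenSSH's sntrup761x25519-sha512, where the session secret is SHA-512 over the PQ shared secret followed by the X25519 shared secret. The names `toy_kem_*`, `combine` and `hybrid_exchange` and the bare byte-concatenated messages are assumptions made for this illustration; real SSH wraps the values in KEX_ECDH_INIT/REPLY messages and feeds more into the exchange hash.

```python
import hashlib
import os

# ---- Classical leg: X25519 (RFC 7748 section 5 Montgomery ladder, pure Python) ----
# Not constant-time; fine for illustration, not for production.
P = 2**255 - 19
A24 = 121665
BASEPOINT = (9).to_bytes(32, "little")


def _clamp(scalar: bytes) -> int:
    k = bytearray(scalar)
    k[0] &= 248
    k[31] &= 127
    k[31] |= 64
    return int.from_bytes(k, "little")


def x25519(scalar: bytes, u: bytes) -> bytes:
    """Return X25519(scalar, u) as 32 little-endian bytes."""
    k = _clamp(scalar)
    x1 = (int.from_bytes(u, "little") & ((1 << 255) - 1)) % P  # mask the unused top bit
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3 = (da + cb) * (da + cb) % P
        z3 = x1 * ((da - cb) * (da - cb)) % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


# ---- Post-quantum leg: PLACEHOLDER ONLY, NOT A REAL KEM ----
# Stands in for sntrup761 so the exchange can be run offline. It is not secure:
# anyone who sees the public key can recompute the shared secret.
def toy_kem_keygen():
    sk = os.urandom(32)
    pk = hashlib.sha256(b"toy-kem-pk" + sk).digest()
    return sk, pk


def toy_kem_encap(pk: bytes):
    ct = os.urandom(32)  # "ciphertext" is just fresh randomness here
    ss = hashlib.sha256(b"toy-kem-ss" + pk + ct).digest()
    return ct, ss


def toy_kem_decap(sk: bytes, ct: bytes) -> bytes:
    pk = hashlib.sha256(b"toy-kem-pk" + sk).digest()
    return hashlib.sha256(b"toy-kem-ss" + pk + ct).digest()


# ---- Hybrid combiner: same shape as OpenSSH sntrup761x25519-sha512 ----
def combine(k_pq: bytes, k_ecdh: bytes) -> bytes:
    # K = SHA-512(K_pq || K_ecdh). The result depends on both legs, so an attacker
    # who later breaks X25519 with a quantum computer still needs K_pq, and one who
    # finds a classical flaw in the PQ scheme still needs K_ecdh.
    return hashlib.sha512(k_pq + k_ecdh).digest()


def hybrid_exchange():
    """Run one client/server exchange and return (client_key, server_key)."""
    # Client: one PQ key pair plus one X25519 key pair; sends both public values.
    c_pq_sk, c_pq_pk = toy_kem_keygen()
    c_ecdh_sk = os.urandom(32)
    client_init = c_pq_pk + x25519(c_ecdh_sk, BASEPOINT)

    # Server: encapsulate to the client's PQ key, do its own X25519 step,
    # reply with ciphertext || server X25519 public value.
    pq_pk, c_ecdh_pk = client_init[:32], client_init[32:]
    ct, s_k_pq = toy_kem_encap(pq_pk)
    s_ecdh_sk = os.urandom(32)
    server_reply = ct + x25519(s_ecdh_sk, BASEPOINT)
    server_key = combine(s_k_pq, x25519(s_ecdh_sk, c_ecdh_pk))

    # Client: decapsulate, finish X25519, combine in the same order.
    ct, s_ecdh_pk = server_reply[:32], server_reply[32:]
    client_key = combine(toy_kem_decap(c_pq_sk, ct), x25519(c_ecdh_sk, s_ecdh_pk))
    return client_key, server_key


if __name__ == "__main__":
    ck, sk = hybrid_exchange()
    print("keys agree:", ck == sk, "session secret prefix:", ck.hex()[:16])
```

The part worth noticing is `combine`: because the session secret is a one-way function of both shared secrets concatenated, the exchange is at least as strong as the stronger of its two legs, which is exactly the hedge the comment describes against the post-quantum scheme turning out weaker than expected. Swapping `toy_kem_*` for a real KEM implementation changes nothing else in the flow.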