@ekg@social.librem.one
@tychotithonus@infosec.exchange I think the important difference of opinion is whether or not quantum computers will ever be practical.
@tychotithonus@infosec.exchange
@ekg@social.librem.one I definitely understand the perspective. But as a security professional, I have to balance the likelihood of a future event with A) the magnitude of its impact, B) the cost of future mitigation, vs C) the controlled burn of mitigating it in advance.
Even if the chances of practical QC in 30 years are one in a thousand, we know about the stickiness of existing deployments, vs difficulty to upgrade (magnified by the proliferation both of IoT and the degree and volume of sensitive activities adding cloud dependencies, making interception risk pervasive).
The chaos of all of that suddenly being interceptable would make Heartbleed look like a Sunday afternoon nap.
And since the interdependence of everything is only growing, interoperability inertia ("we can't upgrade because our dependency / partner hasn't yet, or can't") would make an emergency transition even higher friction / catastrophic.
Even if PQC takes 100 years, better to start eliminating it now than accumulating technical debt around that interdependency.