Quantum Computing, Encryption, and the Cryptopocalypse
For several years, tech media has been telling the world that our encrypted data will no longer be secure after quantum computers come onto the scene. Reporters often call this the "cryptopocalypse." Panicked stories like these attract clicks, and clicks attract ad revenue.
But the truth, as usual, is not so simple. Asymmetric encryption (using public/private key pairs) is vulnerable to quantum-based attacks, but strong symmetric encryption (using the same strong key to both encrypt and decrypt) will remain safe from quantum attacks. For cryptographers and other technically-minded cybersecurity people, this may seem obvious, but the message hasn’t reached the masses—even to many people who work in the industry.
Encryption based on AES-256, or other similarly strong symmetric encryption algorithms, can’t be successfully attacked with today’s computers before, as security expert Bruce Schneier says, "the heat death of the universe." Though quantum computing will reduce the time to compromise those same keys, many experts believe that the time required will be no less than half the current time—so after the Sun becomes a supernova and swallows the Earth, but maybe before the heat death of the universe.
PKWARE features many types of remediation for sensitive data, including both persistent and transparent encryption&mdas;which both use AES-256. (Find out more about PKWARE's approach to encryption.)
As part of our approach for dealing with a post-quantum world, PKWARE also uses strong symmetric encryption algorithms for some applications that traditionally use asymmetric encryption, such as email. (Learn more about PKWARE’s approach to email encryption.)
If you’re looking for a quantum-resistant approach to protecting your sensitive data, make sure you’re using strong symmetric encryption—and make sure it can be applied to the applications you need.
That’s not all you need, however. Not all AES-256 encryption keys are created equal. The next post in this series will discuss the value of true random numbers vs. pseudo-random numbers as the basis for the encryption keys—and how these attacks might be affected by the advent of quantum computing.