Q-Day isn’t sci-fi—it’s the day a quantum computer can break the cryptography that underpins all email, banking, military comms, and cryptocurrencies. Experts put the odds at 1-in-3 before 2035, with a nonzero chance it’s already happened in secret. The threat is twofold: “harvest now, decrypt later” espionage, and real-time authentication attacks that could shut down grids or hijack markets. Post-quantum encryption standards exist, but upgrading the world’s infrastructure—from hospitals to satellites—is a decades-long process. Like Y2K, the best-case outcome is a collective scramble that makes Q-Day anticlimactic. The worst case? The end of digital trust as we know it.

TL;DR
1-in-3 chance by 2035
Risk to all modern encryption
Bitcoin could go to zero
Global infrastructure at risk

https://www.wired.com/story/q-day-apocalypse-quantum-computers-encryption/
#QuantumComputing #Cybersecurity #Encryption #PostQuantum #security #privacy #cloud #infosec

Post-Quantum Cryptography Advice Added to OpenSSH Website https://www.undeadly.org/cgi?action=article;sid=20250811110058 #openbsd #openssh #ssh #cryptography #postquantum #postq #crypto #security #libresoftware #freesoftware #bsd

A new proof shows quantum cryptography can be built on problems even harder than NP, offering security beyond classical encryption. Researchers introduced "one-way puzzles" to replace traditional cryptographic foundations.

https://www.quantamagazine.org/quantum-scientists-have-built-a-new-math-of-cryptography-20250725/

Grab your chance to talk to us!

Join our AMA on r/BuyFromEU
June 26, 5 PM CEST | 11 AM EST
Ask us anything: tech, privacy, business model, AI, digital sovereignty, anything!

https://www.reddit.com/r/BuyFromEU/comments/1lk1vhp/ama_tuta_team_building_quantumresistant_encrypted/

Now available in #RHEL 10 as technology preview: #PostQuantum #Cryptography.

Yours truly with the details: https://www.redhat.com/en/blog/post-quantum-cryptography-red-hat-enterprise-linux-10

Daniel J. Bernstein (#djb, to those who know and love him [1]) has a new blog entry about the NIST post-quantum #cryptography standardization process that's been ongoing for some years. Also, follow him @djb .

If you're not aware of some of the controversy about how NIST is running this process, it's a must-read.

https://blog.cr.yp.to/20250423-mceliece.html

My $0.02: it sure looks like NIST is backstopping an attempt by the NSA to get everyone to standardize on cryptography #standards that the #NSA knows how to break.

Again.

Yes, they did it before. If you read up on the Dual_EC calamity and its fallout, and how this time it was supposed to be different - open, transparent, secure - then prepare to be disappointed. NIST is playing #Calvinball with their rules for this contest, yanking the rug out from under contenders that appear to be more #secure and better understood, while pushing alternatives that are objectively worse (#weaker encryption, less studied, poorer #performance).

Frankly, I think organizations outside of the #USA would be foolish to trust anything that comes out of #NIST's current work. Well, those inside the USA too, but some of those may be forced by law to use whatever NIST certifies.

[1] Some people think djb is "prickly", not lovable. Oddly, it seems that the only people who say this are those who are wildly incorrect about code/algorithms and are being gently but publicly corrected about by djb at the time

This week in #FDroid (TWIF) is live:

* #kitshn for #Tandoor update mixup
* #etchdroid 2.0 now w/ #MaterialDesign
* #KOReader for more devices
* fight #quantum with #Tuta #postquantum #email and #calendar
* 20 years of #git, get #forgejo and #gitnex
* #OrganicMaps community open letter
* #ToSDR to the rescue
+ 8 new apps
+ 92 updates
& 4 archived

Git clone this post: https://f-droid.org/2025/04/17/twif.html

Excited to see continued progress in quantum computing with Willow's 100+ qubit milestone! This development makes research in post-quantum cryptography even more relevant, particularly the promising work on implementing lattice-based signature schemes for resource-constrained devices.

Naughty or nice? Santa doesn’t need to know.

Tuta’s encrypted calendar keeps your events so private, even Santa stays in the dark.

Post-Quantum Cryptography in OpenPGP - an IETF draft

#openpgp #pgp #postquantum

https://datatracker.ietf.org/doc/draft-ietf-openpgp-pqc/

Post-quantum cryptography posts.

13.08.2024: NIST releases first three finalized PQC encryption standards.
Source: https://www.nist.gov/news-events/news/2024/08/nist-releases-first-3-finalized-post-quantum-encryption-standards

12.09.2024: GnuPG announces release of 2.5.1 for public testing, finalized PQC algorithms are supported.
Source: https://lists.gnupg.org/pipermail/gnupg-announce/2024q3/000485.html

PQC: https://en.wikipedia.org/wiki/Post-quantum_cryptography
GnuPG: https://mastodon.online/@blueghost/111974048270035570
Harvest now, decrypt later: https://mastodon.online/@blueghost/111357939714657018

Those of you with long memories may recall the hassle of adopting TLS 1.0 when it dropped, and then TLS 1.1, and then TLS 1.2 (and the mad scramble to update cipher suites post-Heartbleed, etc.).

We’re going to see that process all over again with adoption of FIPS 203, 204, and 205 over the next few years (the new NIST quantum crypto standards). I have to wonder if we collectively learned anything from the multiple previous rounds of crypto updates in infrastructures, or if our process is as broken as it ever was. (Rhetorical question here.)

Don’t just think about how to navigate the current moment; think about how to improve your process so that it’s less painful, and less expensive, to do the right thing the next time this comes along. It’s kind of like what Colin Chapman (founder of Lotus) used to say: “Adding speed makes you faster in the straights; adding lightness makes you faster everywhere.” Fixing your process will make it better now and in the future - don’t just address the current need with a quick and dirty tactical fix or a big manual effort; spend a little more time now and reap the benefits forever after.

This will not be the last time we need to do this. #PQC #postquantum

They finally dropped! FIPS 203, 204, and 205 from NIST on post-quantum cryptography standards are now live in their final form. #PQC #quantum #postquantum https://csrc.nist.gov/Projects/post-quantum-cryptography/publications

So Amazon has rolled out support for post-quantum ciphers across services over a period of several years now (notably KMS, then ACM and Secrets Manager #TLS endpoints) ... but I can't find *anything* about when post-quantum cipher support will roll out for #CloudFront. ApostquantumT makes its formal announcement of standards in this space next month, that's suddenly going to be part of the requirements section of many customers' RFPs and service provider checklists. Cloudflare has had support enabled for quite a while now, and I know #AWS can do this because it's been on for KMS public endpoints for years ... so what's the delay with CloudFront? #postquantum

Post-quantum cryptography is too damn big

https://dadrian.io/blog/posts/pqc-signatures-2024/

lots of #postquantum stuff in my world today - discovered the Open Quantum Safe project on Github (produces liboqs, which you can enable on the latest Chrome and Edge - although Edge has issues currently? - and soon on Firefox as well) https://github.com/open-quantum-safe

Quite a bit more from this great round-up post from @jschauma a couple months ago (sorry I missed it!) https://netmeister.org/blog/pqc-2024-01.html

Also! Great new tool from a friend of mine at work, which you can use to test the current post-quantum crypto supportof your browser, an arbitrary app, or a site on the Web: https://isitquantumsafe.info/ - feedback welcome