A newly discovered trade-off in the way time-keeping devices operate on a fundamental level could set a hard limit on the performance of large-scale quantum computers, according to researchers from the Vienna University of Technology.
A newly discovered trade-off in the way time-keeping devices operate on a fundamental level could set a hard limit on the performance of large-scale quantum computers, according to researchers from the Vienna University of Technology.
I really hope that there isn’t a cryptographically-relevant quantum computer built in our lifetimes, but we should still assume that there likely will be and accordingly should switch everything to use (hybrid) post-quantum cryptography ASAP.
Why not? I’ve got a hard drive which I lost the keys to I’d like to recover, and having all the old secrets out in the open would be really interesting.
It isn’t expected that a quantum computer will be able to instantly break symmetric encryption, as is used in full disk encryption. It will give an enormous advantage (halving the number of bits of security) but attacking that will still require a large amount of time and energy. What a CRQC will very quickly break is the asymmetric primitives, as used in TLS, encrypted email and chats, etc.
On the other hand, using default parameters from not so long ago, it is cheaper than you might expect to brute-force your disk passphrase already today without a quantum computer… which is why you should use a stronger key derivation function (in addition to a strong passphrase, of course).
Isn’t that symmetrical encryption? Quantum computers aren’t really that beneficial for symmetrical encryption iirc, due to it being a process that can’t be parallelized very efficiently (and quantum computers are kinda slow per operation).
There probabry already is in NSA basement