Cyber Security

Is your organization ready for the shift to Post-Quantum Cryptography (PQC) in late 2025?

RY Asked by Ryan Fletcher · 03-03-2024
0 upvotes 8,984 views 0 comments
The question

With NIST finalizing the first set of post-quantum standards, my CISO is pushing for a "Quantum Readiness" audit. I’m curious if anyone here has started migrating their TLS certificates to quantum-resistant algorithms? Are you seeing any performance hits on your VPNs or encrypted databases when using these larger key sizes? I’d love to know which libraries you're testing for PQC compatibility right now.

3 answers

0
CY
Answered on 14-06-2024

We started our pilot phase for PQC last quarter. The biggest challenge isn't just the algorithms; it's the "crypto-agility." We had to rewrite parts of our legacy middleware that assumed a fixed size for public keys. When we switched to Kyber (ML-KEM) for our internal service mesh, we saw a 15% increase in handshake latency. It’s manageable for backend services, but we’re holding off on the client-facing mobile apps until the mobile SDKs are more mature. My advice is to start by auditing where your "Harvest Now, Decrypt Later" risks are highest.

0
MA
Answered on 20-07-2024

Cynthia, that 15% latency jump is higher than I expected. Are you using any hardware acceleration, like specialized HSMs, to offload that extra computational burden?

BR 18-08-2024

Mark, we are currently testing the latest Nitro Enclaves on AWS which have built-in support for some of these new primitives. It brings the latency down significantly, but it’s definitely an added cost. We’re also looking at hybrid certificates that use both RSA and Kyber during the transition period to ensure we don't break compatibility with older systems that aren't PQC-aware yet.

0
ME
Answered on 02-09-2024

We are focusing on our data at rest first. Upgrading the encryption on our long-term cold storage is our top priority since that data is what's most vulnerable to future quantum attacks.

RY 10-09-2024

That’s a smart move, Melissa. "Data at rest" is often overlooked in the PQC conversation, but it's exactly what attackers are collecting today to crack in ten years.

Share your thoughts

Your email address will not be published. Required fields are marked (*)

Professional Counselling Session

Still have questions?
Schedule a free counselling session

Our experts are ready to help you with any questions about courses, admissions, or career paths. Get personalized guidance from industry professionals.

Request a Call Back

Search Online

We Accept

We Accept

Follow Us

"PMI®", "PMBOK®", "PMP®", "CAPM®" and "PMI-ACP®" are registered marks of the Project Management Institute, Inc. | "CSM", "CST" are Registered Trade Marks of The Scrum Alliance, USA. | COBIT® is a trademark of ISACA® registered in the United States and other countries.

Book Free Session