Notes on post-quantum cryptography, migration strategy, and the road to 2030.
Most websites today are not quantum safe — fewer than one in five use post-quantum cryptography for any part of their TLS handshake. Here's what "quantum safe" actually means, the four algorithms that disqualify almost every site, and three methods to test your own site in under a minute.
Read article →NIST IR 8547 sets binding deprecation deadlines for RSA, ECDSA, and ECDH: 2030 for new use, 2035 for any use. Combined with CNSA 2.0, PCI DSS 4.0, NIS2, and DORA, the regulatory convergence is real. Here's a quarter-by-quarter migration plan from discovery to deadline.
Read article →The expert consensus has shifted from "2040, maybe never" in 2020 to "2030-2035, possibly earlier" in 2026. A realistic look at the qubit requirements, current quantum hardware progress, and why your migration timeline matters even if RSA doesn't break until the 2040s.
Read article →Every public website on the internet today uses cryptographic algorithms that are mathematically guaranteed to fail when sufficiently large quantum computers arrive. NIST has set deprecation deadlines, NSA has published the CNSA 2.0 timeline, and major operators (Cloudflare, Apple, Google, OpenSSH) have already started migrating. Here's what's actually happening and what you need to do.
Read article →