Skip to main content
banner image
venafi logo

Post Quantum Cryptography: More Hype than Hazard?

Post Quantum Cryptography: More Hype than Hazard?

quantum cryptography
November 21, 2019 | Martin Thorpe


Post Quantum: The Buzz

Something that almost everybody seems to be talking about these days is “post quantum cryptography.” Everyone seems to relish having a good doomsday scenario to speculate on.  And what many are wondering is what we will do when quantum computers become sufficiently powerful to attack the algorithms that we rely on for today’s machine identities.

Right now, we don’t know when that will happen, but it could be sooner than we think. So, that’s why there’s so much urgency for cryptographers who are busy researching new algorithms that are safe against quantum computers. At the same time, we need to be planning how we can migrate to those algorithms once they have been standardised and the need arises.


This isn’t a new problem.


Remember MD5?

Back in the day when HTTPS was starting to gain acceptance and SSL machine identities started becoming prevalent, most Certificate Authorities (CAs) issued certificates based on MD5 hashes. In 2004, MD5 was broken and the race was on to get rid of all MD5-based machine identities and replace them with new ones based on SHA-1.

Then there was SHA-1

SHA-1 served us well for a time, but even in 2005 it was known that it had vulnerabilities and the recommendation soon became not to issue or use certificates based on SHA-1. Indeed since 2017 web browsers have not accepted SHA-1 certificates. This left many organizations scrambling to locate and replace all of their SHA-1 certificates. In fact, there is evidence that some have still not completed that migration. (But that’s another story.)


Google and the Symantec certificate sweep

2017 was also the year that yet another crypto event reared its ugly head. Just as most organizations were finishing their lengthy process of putting SHA-1 to bed, Google announced that it would no longer trust certificates issued by Symantec. So, for the third time we found ourselves with lots of machine identities that had to be revoked and replaced.

Of course, the important difference between these three events and “post quantum” is that with MD5, SHA-1 and Symantec, we already had new algorithms and new CAs that we could use. By contrast, we don’t yet have practical quantum-safe algorithms, but progress is being made, and when those algorithms are ready for us, we need to be ready for them.

Is your PKI agile enough to quickly migrate to quantum algorithms? See our buyer’s guide.

"We don't yet have practical quantum-safe algorithms"



Unless you know where all of your machine identities are, and you have automation to manage them quickly and efficiently, a mass replacement of machine identities is a hard thing to do. But you shouldn’t despair just yet. With a robust, agile platform for machine identity protection, you’ll have the visibility, intelligence and automation you need to find and replace certificates across your organization.

Do you have what it takes to replace all of your machine identities tomorrow, if you needed to?

Find out how Crypto4A is pioneering the landscape to quantum readiness.



Related posts


Like this blog? We think you will love this.
Featured Blog

PKI and Quantum: How to Prepare Your Public Key Infrastructure for Quantum Computing

We rely on the language of cryptography to communicate securely.

Read More
Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

See Popular Tags

You might also like

TLS Machine Identity Management for Dummies

TLS Machine Identity Management for Dummies

Certificate-Related Outages Continue to Plague Organizations
White Paper

CIO Study: Certificate-Related Outages Continue to Plague Organizations

About the author

Martin Thorpe
Martin Thorpe
Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon
Venafi Risk assessment Form Image

Sign up for Venafi Cloud

Venafi Cloud manages and protects certificates

* Please fill in this field Please enter valid email address
* Please fill in this field Password must be
At least 8 characters long
At least one digit
At last one lowercase letter
At least one uppercase letter
At least one special character
* Please fill in this field
* Please fill in this field
* Please fill in this field

End User License Agreement needs to be viewed and accepted

Already have an account? Login Here

get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more