Conversation

As of 2026-03-02, the state of the art in quantum decryption has cracked a:

  • 22-bit RSA key
  • 6-bit elliptic curve key

https://forklog.com/en/quantum-computer-cracks-tiny-cryptographic-key

The IBM QC that cracked the 6-bit key uses 133 qubits.

Some new research suggests that RSA-2048 could be cracked with as "few" as 100,000 qubits.

https://www.newscientist.com/article/2516404-breaking-encryption-with-a-quantum-computer-just-got-10-times-easier/

(Paywall-free)

Such a machine...is not feasible to build any time soon.

So when your CISO or a vendor starts going off about "post-quantum" security, feel free to use this to remind them that we still have SMB1 in some places and Telnet in others. Plenty of work to do around the house.


@mttaggart it's crazy that this is the controversial, minority opinion in cybersec....


@mttaggart

As of today, the state of the art in quantum decryption is 0-bit RSA and ECC keys, respectively.

https://fediscience.org/@hweimer/114855882006260378


@hweimer These weren't strictly Shor's, but I take your point.

@mttaggart CISOs don't usually do priority inversion alone: it's often compliance that makes not doing PQ expensive (penalty, non-compliance), while doing telnet cheap (cOMpeNsAtiOn cOnTRol).

(Side note: PQ should be easy to implement)

@mttaggart

Oh wow, this topic

I think there are so many angles here (this could make a fun podcast discussion)

So I think there's the angle of nobody talks about or publishes about what I'll call "boring stuff". Fixing SMB1 and telnet is boring

So new ideas and research get all the attention. As many old timers know 99% of these new ideas and research go absolutely nowhere

Thanks to this noise factory, there's nobody talking about the boring stuff (even though I think there should be)

So how do you get attention in this constant noise?

And even the leaders who know better will play the game because movie plot threats will get you more budget than the boring stuff will


@joshbressers Is there any angle where quantum encryption concerns require investment today?


@mttaggart No realistic concern

But there are plenty of pretend concerns that will get you budget :)


@mttaggart I am in the other camp on this one.

PQ resistant suitable available and easy to implement. If we see a tiny key getting popped, this indicates to me that the tech is feasible if not powerful… yet.

And this whole problem is a game across time. Logged packets from the past at risk of exposure… this means doing this now takes more of that historical backlog off the record.

It’s ok to fix legacy problems and future ones.


@thegibson I don't have a problem with fixing it. I do have a problem with marketing it as an exigent need. It is not. It is not an immediate risk.

And I keep getting told it's "easy to implement," but in my world, adding any new crypto can be quite the uphill battle, so color me skeptical on that front.

I also think "feasible" is a stretch based on the evidence we have.

So like, if you can without opportunity cost, cool. But those opportunity costs tend to sneak up on you.

And miss me with the hype from vendors on this. It's plainly being positioned as the next snake oil fire sale.


@mttaggart oh, it’s the new AI in everything like that.

But I do think it should be an available feature in ZTNA/SWG style solutions.

Marketing your whole suite on it? Not so much.


@thegibson Yeah that's reasonable. I also think that kind of maturity (readiness for zero-trust, etc.) remains an exception, not the rule. My post is about priorities and current reality, and I still think in terms of risks to address, quantum security is rather far down the list. Again, great to knock out if possible, not a priority.


@mttaggart probably depends on your org.

Not arguing on these points. From my perspective it’s all the way to the right, but only about halfway up the risk matrix.

That said, the timeline for playback is the real concern for me. We should be looking at this in a non-linear way, as it is essentially the same as threat hunting… a query into the past.

It gets a little extra priority to me because of the similarity to a Delorean traveling at 88mph


@thegibson I don't follow what you mean, sorry. Got lost in the metaphor.


@mttaggart just that taking the bytes off the record now instead of later leaves less to be played back when it does become feasible.

Doing it at the time of emergence is less good.


@thegibson Ah, okay. Yeah not disagreeing. I think I'm looking at the distance to emergence as maybe longer than you?


@mttaggart maybe.

But also I am always risk-averse.


@thegibson That...kinda frames it like I am not risk-averse, which isn't the case. I am simply acknowledging priorities and current state. If we disagree, it's about when it will matter. For me, "quite a while from now."

QCs don't follow Moore's law, it would seem. The distance from 133 qubits to 100,000 (if that's what it takes) is...significant.


@mttaggart see, I was worried we were going to have an argument over this, but we are mostly on the same page.


@thegibson @mttaggart
You guys should probably still argue about it. Give the people a show.


@cR0w @thegibson @mttaggart
I never carry anything smaller than a $50. I also don't carry anything $50 or larger.


@mttaggart Plenty of other issues to look into.

However, my query, as a non-cryptographer, is whether the hybrid Q/non-Q encryption that seems to be popular gives valuable defense-in-depth, or does it add another attack surface through the extra software code.
