Your Encrypted Data Already Has an Expiration Date

TL;DR — A practical quantum computer capable of breaking today’s encryption is probably years away. But the data being stolen right now can be stored and decrypted the moment one arrives. For anything that has to stay secret for a decade, the clock has already run out.

Somewhere on a server you’ll never see, a copy of today’s encrypted traffic may already be sitting in storage. Bank records. Medical files. State secrets. The people who collected it can’t read a word of it yet. They’re betting they will.

That bet has a name, and it’s the most uncomfortable idea in security right now.

”Harvest now, decrypt later”

The logic is grim and simple. An attacker doesn’t need a quantum computer today to profit from one tomorrow. They only need to capture your encrypted data now and wait. When a powerful enough machine finally exists, everything they stockpiled becomes readable in hindsight.

For most web traffic, that’s a shrug. Nobody cares if a coffee order gets decrypted in 2035. But plenty of data has a long shelf life. If a secret needs to hold for ten years and capable quantum hardware shows up in eight, then encrypting it with today’s vulnerable algorithms is basically publishing it on a delay.

That reframes the whole question. The threat isn’t only in the future. The exposure starts the moment sensitive data crosses the wire.

A dense wall of blue code on a screen — Photo by Jake Walker on Unsplash

What actually breaks, and what doesn’t

It helps to be precise about the danger, because the panic tends to outrun the facts.

The vulnerable foundation is public-key cryptography, the RSA and elliptic-curve schemes that secure nearly every connection you make. A fault-tolerant quantum computer running Shor’s algorithm would tear through them.

Symmetric encryption, like the AES that protects data at rest, holds up far better. It mostly needs bigger keys, not a full replacement. So this isn’t the end of encryption. It’s the forced retirement of one specific, very widely used family of it.

The migration nobody sees

The good news is that the replacement work has started in the places that move slowest and matter most. Standards bodies have finalized the first post-quantum algorithms. Browsers, payment networks, and government systems have begun the slow swap toward them.

This is the kind of structural, multi-year infrastructure project our data and security desk watches closely. It isn’t a patch you ship on a Friday. It’s a cryptographic transition that touches every layer of the stack, and it’s exactly the sort of long-horizon shift our future tech coverage keeps coming back to.

A server room bathed in cool light — Photo by Tyler on Unsplash

The bottom line

If you run anything that handles long-lived secrets, the question stopped being whether to move to post-quantum cryptography. It’s how fast.

Start with an inventory. Figure out what you encrypt, how long it actually needs to stay private, and assume a patient adversary is already keeping a copy. The quantum threat doesn’t need to hurry. Your roadmap does.