>> Admittedly your answer (reported here below) was not addressing my concerns. > . . . . . > A hybrid still has a chance of being secure if old good crypto would be > successfully attacked, so your argument does not stand.
Let me repeat myself. If the data must remain secure for a long time , then the Classic part does not help, and the security of that data lies solely within the PQ component. Which part of this “does not stand”? > > Isn't the point that the pure PQ ones might be broken by conventional > computers > (and they have in the past)? That's my understanding of the argument. The point is that if the data requires protection against CRQC — then if “pure” PQ is broken, the data is compromised no matter what. Because the Classic component will protect it at best until CRQC, at worst — even before that. Many algorithms, both Classic and PQ, have been broken in the past. The current standards (Classic and PQ) haven’t. Please take a look at the timeline table in the email you were responding to.
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
