Quantum Computing and Encryption: Why "Harvest Now, Decrypt Later" Matters Artwork

Plaintext with Rich

Cybersecurity is an everyone problem. So why does it always sound like it’s only for IT people?

Each week, Rich takes one topic, from phishing to ransomware to how your phone actually tracks you, and explains it in plain language in under ten minutes or less. No buzzwords. No condescension. Just the stuff you need to know to stay safer online, explained like you’re a smart person who never had anyone break it down properly. Because you are!

All Episodes

Plaintext with Rich

Quantum Computing and Encryption: Why "Harvest Now, Decrypt Later" Matters

January 02, 2026 • Rich Greene • Season 1 • Episode 6

0:00 | 8:26

Some secrets are meant to stay secret for decades. Medical histories. Legal records. Trade agreements. Now imagine someone copying all of it today. Not to read it. Just to wait. Because someday, the lock changes.

This episode explains what quantum computing actually threatens about encryption and why the risk isn't as far away as it sounds. It starts by grounding two types of encryption in plain language, shared-secret and public-key, then explains why quantum computers can potentially shorten the math that keeps public-key systems safe. The core concept is "harvest now, decrypt later": attackers collecting encrypted data today with the intention of decrypting it once quantum capability arrives. The episode covers why post-quantum cryptography exists, what standards bodies and vendors are already doing, and closes with a starter kit covering long-life data identification, crypto inventory, crypto agility, vendor pressure, and practical steps for non-security professionals.

Whether you manage sensitive data with a long shelf life or you want to understand why your security team is talking about post-quantum planning, Plaintext with Rich makes the timeline and the tradeoffs clear.

Is there a topic/term you want me to discuss next? Text me!!

YouTube more your speed? → https://links.sith2.com/YouTube
Apple Podcasts your usual stop? → https://links.sith2.com/Apple
Neither of those? Spotify’s over here → https://links.sith2.com/Spotify
Prefer reading quietly at your own pace? → https://links.sith2.com/Blog
Join us in The Cyber Sanctuary (no robes required) → https://links.sith2.com/Discord
Follow the human behind the microphone → https://links.sith2.com/linkedin
Need another way to reach me? That’s here → https://linktr.ee/rich.greene

Why Harvest Now Decrypt Later Matters

SPEAKER_00 0:00

Some secrets are meant to stay secret for well decades. Medical histories, legal records, trade agreements, personal communications. Now, imagine someone copying all of it today, not to read it, not yet, just to wait. Because someday the lock changes. And when it does, everything you thought was safe suddenly isn't. Welcome to plain text with Rich. Today we're talking about quantum threats and what they mean for encryption. Well, makes sense. Let's start with encryption in plain terms. Encryption is how we turn readable information into something unreadable unless you have the key. No key, no meaning, just noise. That's how we protect data moving across the internet, sitting in databases, or stored in backups. For this conversation, there are two kinds of encryption that matter. The first is our shared secret encryption, often called symmetric encryption. The plain text version of this is both sides know the same secret. That secret locks the data and unlocks it. Now, this type is fast, it's strong, and it's very good at protecting large amounts of data. Now, the second type is what we call our public key encryption, also called asymmetric encryption. And again, the plain text version of this is if I give you a lock that anyone can use, but only I have the key. And this is how we securely connect to websites, establish VPNs, verify software updates, improve identity online. And this second type is where quantum, well, this is where quantum can potentially change the conversation. So, what is quantum computing actually threatening? Well, quantum computers, you know, once they're powerful enough, can solve certain math problems dramatically faster than our traditional computers. Now, many of today's public key systems are built on math that's hard for current machines, but not fundamentally impossible. Well, the security assumption isn't this can never be solved, it's this would take so long that it doesn't matter. Well, quantum shortens that timeline. Again, not today, not tomorrow, but eventually. This matters because public key encryption underpins trust online, as we just mentioned. If it breaks, attackers could impersonate websites, forge signatures, or decrypt traffic they were never meant to read. And here, that sounds like a future problem, but here's the catch. Attackers don't need to break encryption today for this to be dangerous. They can just collect it. And this brings us to the most important concept, I think, again, in this episode, is harvest now, decrypt later. If we broke this down for you, very simple, like imagine someone stealing locked boxes from a warehouse. They can't open them yet, so they label them and they stack them and they simply wait. Years go down, right? New tools arrive, and hey, every box opens. That's the strategy at play here. Encrypted traffic, stored backups, intercepted communications, long-term records, right? Anything with lasting value can be collected now and decrypted later. And not all data expires quickly. Think about that. Medical records stay sensitive potentially for life, government data for decades, trade secrets until a competitor uses them, legal records long after cases close. So the real question becomes: what data would still matter if it were exposed 10 years from now? That's the data quantum changes first. Now, because of all of this, this is why post-quantum cryptography exists. Post-quantum cryptography, or PQC as you might read or hear about it, it's it isn't about using quantum computers defensively. It's about building encryption methods that remain secure even if quantum attackers existed now. Same software, same networks, hey, new math. Think of it as replacing locks before new bolt cutters hit the market. And again, this isn't theoretical. Standards bodies, vendors, and operating systems are already planning and rolling out support for this. The challenge isn't invention, it's going to be adoption. So, hey, let's get practical. What would be our plain text quantum starter kit? And again, some of this is going to be for individuals, some of this is going to be for small businesses. That's where my bread and butter lies. First, we need to identify long life data. Ask one simple question: what data would still hurt if it leaked years from now? That list is usually smaller than you think, but it is absolutely critical. Second, create a crypto inventory, if we can, we will call it that. This is where encryption is actually used. Web connections, VPNs, email gateways, certificates, backups, databases, code signing. If you can't point to where crypto lives, well, you can't really change it. Third, let's look at building crypto agility. All right. This is, well, a crypto agility is going to be you can swap algorithms without rebuilding systems. Hard-coded encryption is technical debt. Modular encryption is adaptability. The future favors systems that can change. And fourth, hey, pressure vendors early. Most organizations don't upgrade cryptography directly, they upgrade products that do it for them. So start asking vendors now: hey, what's your post-quantum plan? How will certificates transition? What breaks when algorithms change? Silence is also an answer here. If you can go further than this, we have a couple other things you can look at. Use hybrid encryption during transitions, old plus new, layered together, defense in depth. Clean up legacy crypto, old protocols and expired systems, increase future risk, protect backups aggressively, their prime harvest targets, and track standards calmly. You don't need to be a cryptographer, you just need to be aware. So let's ground this for non-security folks. If you're listening and thinking, well, hey Rich, what am I supposed to do? Well, here's some answers for you. Most of this responsibility sits with platforms, not people. But you can still make smart choices, keep your devices updated, use modern, reputable services for your sensitive data, turn on strong authentication, replace ancient routers and unsupported hardware, enable security features when they're offered. You don't redesign the internet, you avoid being stuck on its oldest parts. So if we can, let's clear up a few myths. Myth number one, quantum is science fiction. Absolutely. The reality behind that is timelines vary, direction doesn't. Myth number two, encryption becomes useless. The reality is it evolves like everything we've ever seen in this field. Myth number three, this can wait. The reality is long life data doesn't wait. If something is harvested today, tomorrow's fixes don't help. So let's recap. Quantum threatens the math behind much of today's public key trust. Post-quantum cryptography, PQC upgrades that trust before it fails. Progress doesn't require panic. Remember, it requires planning. Identify long life data, know where crypto lives, demand roadmaps, build systems that can adapt. That's how you stay ahead without chasing headlines. As always, if there's a security topic you want broken down in plain text, please send it my way. Email me, DM me, drop it in my comments. However, you choose to reach me, I will read it, I will respond. If this episode helped, please share it with someone who'd actually benefit. This has been Plain Text with Rich. 10 minutes or less, one topic, no panic. I'll see you next time.