Post-quantum readiness
Harvest-now-decrypt-later: what boards miss
Boards ask whether quantum computers will break encryption tomorrow. The harder question is whether ciphertext captured today will still be confidential when migration finishes — and most enterprises cannot answer it yet.
The risk starts before Q-Day
Harvest-now-decrypt-later (HNDL) is not science fiction. Adversaries capture TLS sessions, backups, and archives today knowing that a future cryptographically relevant quantum computer (CRQC) may decrypt them later. Storage is cheap; migration is not.
Quantum-vulnerable does not mean broken today. Your RSA and ECDSA still protect data in transit and at rest right now. The exposure is temporal: if data must stay confidential for decades, ciphertext harvested before you finish migrating may become readable.
Who is most exposed
Healthcare payers, regional banks, and government contractors hold records with 20–50 year shelf lives. Trade secrets, M&A diligence, and classified-adjacent research archives face the same Mosca clock.
Unit 42 and other incident-response data show exfiltration timelines compressing — the fastest quartile of intrusions reached data theft in 72 minutes in 2025. Harvesting does not require breaking crypto today; it requires copying ciphertext.
Mosca inequality in plain language
Michele Mosca's inequality — X + Y > Z — turns abstract quantum risk into a planning question. X is how long your data must stay secret. Y is how long migration takes. Z is how long until quantum computers can break your algorithms.
When X + Y exceeds Z, encrypted data captured today may be readable before you finish migrating. That is HNDL exposure — and it is why inventory and migration runway matter now, not after Q-Day headlines.
What to do this quarter
First, inventory quantum-vulnerable crypto on external TLS and critical dependencies — not a spreadsheet snapshot, but a repeatable scan with algorithm tags and framework crosswalks.
Second, quantify HNDL exposure for your longest-lived data classes. Third, map findings to the deadlines your auditors already track (NSM-10, CNSA 2.0, NIST IR 8547). Qtangl Assess produces a prioritized backlog with signed artifacts suitable for audit evidence — an inventory aid, not a formal attestation.
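The second step, worked through as an added example (not code from this article or from Qtangl's tooling): it goes one step past the yes/no inequality and measures how many years of captured ciphertext are still secret when Z arrives, per data class. The key-establishment tags, the inventory, and the three Z scenarios are constructed planning assumptions, not predictions or scan output.

```python
from dataclasses import dataclass

# Classical key-establishment tags (constructed labels); Shor's algorithm breaks all three.
QUANTUM_VULNERABLE_KEX = {"RSA-2048", "ECDHE-P256", "X25519"}
# Planning assumptions for Z (years until a CRQC), not predictions.
Z_SCENARIOS = (8, 12, 20)

@dataclass
class DataClass:
    name: str
    kex: str                # key-establishment tag from the inventory scan
    secrecy_years: float    # X: how long the data must stay secret
    migration_years: float  # Y: time until this path is migrated

def exposed_harvest_years(x: float, y: float, z: float) -> float:
    """Years of capture (out of the y before migration completes) still secret at Z.

    Ciphertext captured at time t must stay secret until t + x, so it is
    exposed when t + x > z. For y > 0 the result is positive exactly when x + y > z.
    """
    first_exposed_capture = max(0.0, z - x)
    return max(0.0, y - first_exposed_capture)

def assess(dc: DataClass) -> dict:
    """Exposure per Z scenario; zero when key establishment is not quantum-vulnerable."""
    if dc.kex not in QUANTUM_VULNERABLE_KEX:
        return {z: 0.0 for z in Z_SCENARIOS}
    return {z: exposed_harvest_years(dc.secrecy_years, dc.migration_years, z)
            for z in Z_SCENARIOS}

def prioritized_backlog(inventory: list) -> list:
    """Exposed data classes, worst case (earliest Z) first."""
    rows = [(dc.name, assess(dc)) for dc in inventory]
    rows = [(name, exp) for name, exp in rows if max(exp.values()) > 0]
    return sorted(rows, key=lambda r: max(r[1].values()), reverse=True)

# Constructed inventory for illustration only.
INVENTORY = [
    DataClass("claims-archive", "RSA-2048", 30, 6),
    DataClass("marketing-site", "ECDHE-P256", 1, 3),
    DataClass("ma-dataroom", "X25519", 10, 4),
    DataClass("research-vpn", "X25519MLKEM768", 25, 5),  # hybrid PQC group
]

if __name__ == "__main__":
    for name, exposure in prioritized_backlog(INVENTORY):
        print(name, exposure)
```

The short-lived marketing site drops out even though its key exchange is quantum-vulnerable, while the 30-year claims archive is fully exposed under every Z scenario.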
References & further reading
Authoritative primary sources cited in this article. Summaries are our own — follow links for full context.
Last verified 2026-06-03
- What Is Post-Quantum Cryptography? NIST · 2024. Official overview of NIST's PQC project, finalized standards, and the harvest-now-decrypt-later threat model.
- What Is Q-Day? Quantum Computing and Cyber Risk. Palo Alto Networks · 2026. CRQC definition, HNDL threat model, and migration guidance for enterprise security teams.
- National Security Memorandum on Post-Quantum Cryptography (NSM-10). White House · 2022-05. Federal mandate requiring migration away from quantum-vulnerable algorithms by 2035.
- Why Your Encrypted Data Is Already Being Stolen (Jeremy Allison, CIQ). YouTube · 2025. Practitioner perspective on HNDL, PQC migration complexity, and FIPS certification for open source.