Is my encryption broken today?

No. Quantum-vulnerable algorithms like RSA and ECDSA still protect data today. HNDL is about ciphertext captured now that may be decrypted after a future CRQC arrives.

Who faces the highest HNDL exposure?

Organizations holding data with long confidentiality requirements — healthcare records, financial archives, government data — especially when migration takes five to ten years.

What is the first step to reduce HNDL risk?

Run a cryptographic inventory, quantify data shelf-life against migration runway using Mosca's inequality, and begin phased post-quantum migration with evidence.

Urgency

Harvest now, decrypt later

Adversaries don't need to break your crypto today. They can store ciphertext now and decrypt it once quantum computers arrive.

Run Q-Day scan Back to hub

The threat model

Nation-state and sophisticated actors harvest TLS sessions, backups, and archives knowing future quantum computers will read them. Storage is cheap; breaking RSA today is not required. NIST describes this as harvest now, decrypt later — one reason post-quantum encryption should deploy as soon as feasible.

Who faces the highest exposure

Healthcare records, financial transaction archives, M&A diligence, and classified-adjacent research often carry 20–50 year confidentiality requirements. Regional banks, payers, and government contractors hold exactly this data profile. Incident response data shows exfiltration timelines compressing — copying ciphertext is faster than breaking it.

Mosca inequality ties it together

If data shelf-life (X) plus migration time (Y) exceeds the time until quantum breaks crypto (Z), you have HNDL exposure today. Mosca turns abstract quantum risk into a planning inequality boards and regulators understand — especially when migration takes five to ten years across a mid-market estate.

How Qtangl quantifies it

Every Qtangl assessment includes Mosca HNDL scoring — mapping your data retention horizon against estimated quantum timeline and migration runway. Quantum-vulnerable does not mean broken today; it means you need inventory and a migration runway now.

Video explainer

Why Your Encrypted Data Is Already Being Stolen Watch on YouTube

References & further reading

Authoritative primary sources cited in this article. Summaries are our own — follow links for full context.

Last verified 2026-06-03

What Is Post-Quantum Cryptography?NIST · 2024Official overview of NIST's PQC project, finalized standards, and the harvest-now-decrypt-later threat model.
What Is Q-Day? Quantum Computing and Cyber RiskPalo Alto Networks · 2026CRQC definition, HNDL threat model, and migration guidance for enterprise security teams.
Why Your Encrypted Data Is Already Being Stolen (Jeremy Allison, CIQ)YouTube · 2025Practitioner perspective on HNDL, PQC migration complexity, and FIPS certification for open source.

Deep dive

Run Q-Day scan Try PQC demo ← Q-Day hub

Harvest now, decrypt later

The threat model

Who faces the highest exposure

Mosca inequality ties it together

How Qtangl quantifies it

Harvest-now-decrypt-later: what boards miss

What is Q-Day?

Mosca inequality

Readiness score