Cryptography#post-quantum#tls#kyber
When should I start worrying about post-quantum cryptography?
By Dr. Ananya Rao·April 22, 2026 6 min 6,789
Short answer
Now, if you're protecting data that must stay confidential past 2030. 'Harvest now, decrypt later' is already an active threat model.
The full answer
NIST finalized ML-KEM (Kyber) and ML-DSA (Dilithium) in 2024. Major TLS libraries and browsers shipped hybrid key exchange in 2025, so the migration on the wire is well underway.
If you operate long-lived secrets — medical records, government data, intellectual property — assume an adversary is capturing your TLS traffic today to decrypt once a cryptographically relevant quantum computer exists.
Action items: enable hybrid PQC on TLS terminators, inventory long-lived RSA/ECC keys, and plan crypto-agility into new systems so swapping algorithms isn't a rewrite.
Was this helpful?
Upvotes help us prioritise what to answer next.