Around 2010, the sophisticated Flame malware reportedly hijacked Microsoft’s Windows update distribution system, targeting Iran’s government internal network. The incident is widely cited as an example of how weaknesses in widely used security mechanisms can be exploited at scale, with potentially catastrophic consequences if similar attacks were deployed more broadly.
Flame is believed to have been developed through cooperation between the United States and Israel, according to Ars Technica. The attack focused on exploiting MD5, the cryptographic hash function Microsoft used to authenticate digital certificates. By creating a spoofed, MD5-based signature, attackers could present certificates for a malicious update server as if they were legitimate.
The malware was discovered in 2012, but the underlying cryptographic weakness had been known earlier. In 2004, researchers demonstrated that MD5 was vulnerable to collisions—meaning an attacker could generate two different inputs that produce the same hash output. Four years later, two studies further confirmed the weakness, including one that used 200 PlayStation consoles running for three days to create counterfeit TLS certificates.
Despite this knowledge, parts of Microsoft’s infrastructure still relied on MD5, illustrating how legacy dependencies can persist even after vulnerabilities become public.
In response to the MD5 episode and the broader quantum threat, organizations are accelerating efforts to replace RSA and elliptic-curve cryptography (ECC), both of which rely on public-key methods that could be broken by a sufficiently capable quantum computer using Shor’s algorithm. Shor’s algorithm would allow quantum systems to solve foundational problems in polynomial time rather than exponential time.
Google and Cloudflare have pushed the readiness target for post-quantum cryptography (PQC) to 2029, roughly five years earlier than the original plan. The shift is linked to two new studies suggesting that a cryptographically relevant quantum computer (CRQC) could break these schemes sooner than expected.
While there is no clear evidence CRQC will emerge within four years, the earlier deadline is creating “positive pressure” on companies including Amazon and Microsoft, whose roadmaps reportedly lag by two to six years. The timelines also align with U.S. government goals: the Department of Defense requires all national security systems to adopt quantum-resistant algorithms by December 31, 2031, and NIST calls for retiring vulnerable algorithms by 2035.
Dan Boneh, a cryptography professor at Stanford University, described the shift as a major undertaking: “Shifting the entire Internet to post-quantum cryptography, especially for digital signatures, is a monumental undertaking.” He also cautioned that targeting 2029 could allow room for delays, while slipping toward 2035 could increase risk.
Brian LaMacchia, who led post-quantum transitions at Microsoft, characterized the challenge as risk management. He said the probability of CRQC appearing before 2030 is about 5%, but that the potential damage is “enormous,” adding that risk accumulates when transitions start late. He also warned about the “race” dynamic—upgrading must be completed before adversaries gain the capability to exploit quantum breakthroughs.
Beyond breaking encryption, the article highlights the “data harvested now and decrypted later” (HELD) threat. Attackers can store encrypted data until CRQC becomes available, at which point decryption becomes feasible. This moment is referred to as “Day Q.”
Most preparations focus on replacing RSA with ML-KEM, a PQC algorithm designed so that no fast quantum attack applies. Because the article does not describe RSA as being as pervasive as some other primitives, this part of the transition is characterized as relatively straightforward. However, two recent studies focus on breaking ECC, which underpins digital signatures.
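The usual way to deploy ML-KEM during the transition is not to drop the classical key exchange but to run both and combine the two shared secrets, so the session key stays safe while either scheme holds. The block below, an added example that is not code from the article or from any vendor it names, implements that combiner with HKDF (RFC 5869, HMAC-SHA256) from the standard library. The shared secrets and ciphertexts are constructed placeholders standing in for X25519 and ML-KEM outputs; the context label and the transcript binding are the author's assumptions, not a standardized format.

```python
"""Hybrid key combiner: one session key from a classical and a post-quantum
shared secret, via HKDF (RFC 5869) with HMAC-SHA256.

Added example. The KEM outputs below are constructed stand-ins, not real
X25519 or ML-KEM values; the context label is an assumed, non-standard string."""
import hashlib
import hmac

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869 section 2.2): PRK = HMAC(salt, IKM)."""
    if not salt:
        salt = bytes(HASH_LEN)  # RFC default: HashLen zero bytes
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869 section 2.3): T(i) = HMAC(PRK, T(i-1) | info | i)."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def hkdf(salt: bytes, ikm: bytes, info: bytes, length: int) -> bytes:
    return hkdf_expand(hkdf_extract(salt, ikm), info, length)


def hybrid_session_key(ss_classical: bytes, ss_pq: bytes,
                       ct_classical: bytes, ct_pq: bytes,
                       context: bytes = b"constructed-hybrid-kem-v1",
                       length: int = 32) -> bytes:
    """Derive the session key from BOTH shared secrets.

    IKM is the concatenation of the two secrets, so an attacker who later
    recovers the classical secret (Day Q) still lacks the PQ half. The hash of
    both ciphertexts is bound into `info` so the key also depends on the exact
    messages exchanged, not just the secrets."""
    transcript = HASH(ct_classical + ct_pq).digest()
    return hkdf(salt=b"", ikm=ss_classical + ss_pq,
                info=context + transcript, length=length)


if __name__ == "__main__":
    # Constructed values: in a real handshake these come from X25519 and ML-KEM.
    ss_x25519, ct_x25519 = bytes(32), b"client-ephemeral-public-key"
    ss_mlkem, ct_mlkem = b"\x01" * 32, b"ml-kem-ciphertext"
    key = hybrid_session_key(ss_x25519, ss_mlkem, ct_x25519, ct_mlkem)
    print("session key:", key.hex())
```

The HKDF functions are checked against RFC 5869 test case 1; the combiner itself is deterministic and changes its output when either shared secret or either ciphertext changes, which is the property a reviewer should look for in any hybrid construction.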
Digital signatures are described as foundational to validating messages and documents, securing software, enabling remote SSH logins, and supporting TLS certificates and many other functions. If ECC-based signatures can be forged, the impact would extend beyond confidentiality to authentication and trust.
The first study suggests that a quantum computer using neutral atoms could break ECC with as few as 10,000 physical qubits. The article notes that a qubit is the quantum unit analogous to a bit, but can exist in superposition, and that error correction typically requires between 100 and 1,000 physical qubits per logical qubit.
The second study, attributed to Google, reports that two quantum circuits would require only 1,200 logical qubits to break ECC-256 in about 9 minutes. The process is estimated to require roughly 90 million Toffoli gates, described as a major technical challenge. Google estimates the system would need about 500,000 physical qubits, roughly half of the estimate from last June for breaking RSA-2048.
As the Day Q threat approaches, Google and Cloudflare are shifting focus toward protecting quantum-resistant authentication for ECC-based systems. The goal is to add a defense layer to prevent intrusions into internal networks, computers, and critical infrastructure.
Bas Westerbaan of Cloudflare warned that while data leaks are serious, compromised authentication would be the “disaster.” He said that moving authentication systems—especially those with long dependency chains, third parties, and fraud monitoring—takes many years, not just months.
The article states that when Day Q arrives, ECC-based certificates could be forged, enabling attackers to impersonate websites, mail servers, signing systems, and SSH keys.
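The preceding paragraphs draw a distinction a migration plan has to reflect: key exchange is exposed to harvest-now-decrypt-later today, signatures become forgeable only on Day Q but take longest to move, and MD5-style weaknesses are exploitable right now. The block below, an added example that is not code from the article or from any vendor it names, turns that into a triage over a cryptographic inventory. The inventory rows are constructed, the algorithm-to-risk mapping is the author's assumption, and the target years quoted in the actions are the ones the article reports (2029 for Google and Cloudflare, 2031 for the Department of Defense).

```python
"""Triage a cryptographic inventory against the article's Day Q risk model.

Added example; the inventory is constructed and the risk mapping is an
assumption made for illustration, not a standard or a vendor's policy."""
from dataclasses import dataclass

# Hash use in signatures whose collision weakness is exploitable today (the MD5 case).
BROKEN_NOW = {"md5", "sha1"}
# Public-key schemes Shor's algorithm breaks once a CRQC exists.
QUANTUM_VULNERABLE = {"rsa", "ecdsa", "ecdh", "x25519", "ed25519", "dh"}
# Schemes treated here as quantum-resistant (NIST PQC standards plus 256-bit symmetric/hash).
PQ_SAFE = {"ml-kem", "ml-dsa", "slh-dsa", "aes-256", "hmac-sha256", "sha-256", "sha-384"}


@dataclass
class Asset:
    name: str
    purpose: str     # "key-exchange", "signature", "cert-signature-hash" or "symmetric"
    algorithm: str


@dataclass
class Finding:
    asset: str
    risk: str
    priority: int    # lower value is worked first
    action: str


def triage(asset: Asset) -> Finding:
    """Map one asset to a risk class and a remediation priority."""
    alg = asset.algorithm.lower()
    if alg in BROKEN_NOW and asset.purpose in ("signature", "cert-signature-hash"):
        return Finding(asset.name, "broken-now", 0,
                       "replace immediately: collision attacks are practical today")
    if alg in QUANTUM_VULNERABLE:
        if asset.purpose == "key-exchange":
            # Confidentiality: traffic recorded now is readable on Day Q.
            return Finding(asset.name, "harvest-now-decrypt-later", 1,
                           "move to hybrid/ML-KEM first; target 2029")
        # Authentication: only forgeable after Day Q, but the slowest to migrate.
        return Finding(asset.name, "day-q-forgery", 2,
                       "plan ML-DSA/SLH-DSA migration now; long dependency chain; "
                       "complete well before 2031")
    if alg in PQ_SAFE:
        return Finding(asset.name, "quantum-resistant", 3, "no change; keep in inventory")
    # An algorithm nobody classified is itself a finding: that is how MD5 lingered.
    return Finding(asset.name, "unknown", 1, "unclassified algorithm; close the inventory gap")


def prioritize(inventory: list) -> list:
    """Triage every asset and order the findings for a migration plan."""
    return sorted((triage(a) for a in inventory), key=lambda f: (f.priority, f.asset))


# Constructed inventory for illustration.
INVENTORY = [
    Asset("update-server TLS cert", "cert-signature-hash", "MD5"),
    Asset("internal API TLS key exchange", "key-exchange", "X25519"),
    Asset("bastion SSH host key", "signature", "Ed25519"),
    Asset("code-signing cert", "signature", "RSA"),
    Asset("backup encryption", "symmetric", "AES-256"),
    Asset("legacy VPN", "key-exchange", "DH"),
]

if __name__ == "__main__":
    for f in prioritize(INVENTORY):
        print(f"[{f.priority}] {f.risk:27} {f.asset}: {f.action}")
```

Run as a script it prints the plan in priority order; the point is that an MD5-signed certificate outranks everything, quantum-vulnerable key exchange outranks quantum-vulnerable signatures because of the harvest-now-decrypt-later exposure, and anything unclassified is not ignored but flagged.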
Amazon’s Matthew Campagna said the company is on track to meet the 2031 Department of Defense target, using SigV4 to protect authentication ahead of the quantum threat. He also said AWS transmits secrets only at creation time and does not re-send them, avoiding the need to switch to public-key authentication.
Microsoft’s deadline is described as the farthest out at 2033. Mark Russinovich said Microsoft has planned PQC since 2014 and is implementing it across platforms, starting with Windows, Azure, and the identity layer.
Meta has not announced a concrete deadline, but has released a PQC maturity taxonomy without a clear timetable. Apple did not respond when contacted.
The article concludes with a warning that the “CRQC is always 10–20 years away” narrative has persisted for decades. While progress is steady, it says the probability of CRQC appearing before 2035 remains uncertain. It points back to the MD5 crisis as a cautionary tale: Flame attacked aging infrastructure that lacked centralized management and security guidance, and similar missteps could recur during PQC transitions.
Scott Aaronson is quoted saying that moving to PQC before 2029 is reasonable, but that many people ignore the uncertainty—treating it as if it does not matter. He adds that denial, along with neglected software and outdated hardware, could slow the transition and lead to mistakes similar to those seen in 2010.