Why “Harvest Now, Decrypt Later” (HNDL) may not be your main concern

Caute_cautim — Tue, 17 Feb 2026 21:00:22 GMT

Hi All

Demystifying Post quantum Topics — Part 2

This is the second article in my series challenging four well-established ideas about how organizations should approach the transition to post-quantum cryptography (PQC).

Each article presents a slightly provocative argument designed to make you, dear reader, rethink your current assumptions. Constructive disagreement is always welcome.

In Part 1, I argued why organizations should focus on compliance to cryptographic standards rather than on Y2Q. Today’s idea is another common headline topic 👇

“Harvest Now, Decrypt Later” (HNDL) may not be your main concern.

The appeal and the limits of HNDL

HNDL is often presented as the primary quantum threat to cybersecurity. It’s simple to explain, sounds impactful, and makes for a great conference slide. Some even claim that data-harvesting activities such as BGP hijacks have increased recently, hinting at preparation for future quantum decryption.

But while HNDL is a plausible attack vector, it’s also a hard and expensive one to execute. And attackers tend to look for efficiency.

That’s why organisations should start by asking two basic questions for any use case involving data confidentiality:

Is HNDL an effective attack vector for this use case?
What would be the impact of a successful HNDL attack?

Efficiency and impact: a reality check

In practice, HNDL is only effective in highly targeted attacks. Capturing and storing vast amounts of encrypted traffic for a decade or more, hoping to break the thousands or millions of key exchanges within it once a cryptographically relevant quantum computer (CRQC) exists, is extremely costly and uncertain.

Considering cost, complexity, execution time, and probability of success, it’s an incredibly inefficient attack vector. There are many cheaper and faster alternatives for a well-prepared adversary.

Worth looking at the original article at the image for a reality check.

It can be easier

The second part of the analysis is impact. Losing confidentiality of today’s data 10–15 years from now would rarely cause operational damage. Its main consequence would likely be reputational exposure rather than operational disruption.

For attackers, investing so much effort for such uncertain gain makes sense only for very high-value, long-term intelligence. In other words, HNDL is a niche threat.

A practical example: banking transactions

Let’s take a typical case—confidentiality protection for a bank’s transactional data transmitted over the Internet.

1️⃣ Is HNDL effective here? An attacker would need to selectively capture relevant transmissions to maximize the signal-to-noise ratio. That requires knowing the endpoints, timing, and structure of the traffic. With that level of insight and the financial resources required, wouldn’t it be easier to bribe an insider or exploit a vulnerability that yields results in months instead of decades?

2️⃣ What’s the impact? If some 15-year-old transactional data is leaked in the late 2030s due to cryptography deprecated in the 2020s, the operational impact might be negligible. Only extremely targeted attacks could cause real damage, and such high-value targets are already protected by more than just a TLS or IPsec session.

When HNDL does matter

So, does this mean HNDL isn’t a threat? Of course not. It depends on the use case.

Sectors such as defence, government, and diplomacy, where long-term confidentiality is critical, should absolutely consider HNDL in their threat models. But for most organizations, the more pressing concerns lie elsewhere.

The bigger threat: Trust Now, Forge Later (TNFL)

The real quantum danger lies not in decryption, but in forgery.

Quantum computers threaten digital signatures and authentication through what is now known as Trust Now, Forge Later (TNFL).

We rely on digital signatures to:

• authenticate legal documents,

• verify identities, and

• ensure the trustworthiness of software and firmware in computers, network devices, HSMs, and even cars.

Unlike encrypted data, many of these assets are publicly available. An attacker needs only one public key to begin. Once that key is broken, they could forge valid signatures on malicious software, documents, or websites. Even more concerning, breaking a root Certificate Authority (CA) key would have a catastrophic, Internet-wide impact, undermining trust across digital ecosystems. Such an event would cause immediate operational disruption and require emergency responses at scale to contain the damage.

The PQC Marathon: Start with Harvest Now, Decrypt Now (HNDN)

During the PKI Consortium’s PQC Conference, someone asked me about implementing urgent and complex changes to include PQC in all their TLS connections to “defend against HNDL.”

My answer was simple: It’s more important to eliminate obsolete cryptography, like TLS 1.0, than to rush PQC deployment.

If HNDL isn’t an efficient attack vector for your environment, it’s not your biggest risk. Using outdated protocols, however, exposes you to a far more realistic threat: Harvest Now, Decrypt Now (HNDN).

Transitioning to PQC is a marathon that no organization has ever run before. If you were training for a marathon, you would:

🏃♂️ Start slow — building endurance (your maturity phase, improving cryptography management).

📋 Plan your pacing — setting milestones and split times (your planning phase, analyzing use cases and priorities).

🏁 Run your race — executing the plan, maintaining rhythm and focus (your execution phase).

The same principle applies to PQC: Don’t sprint at the start of the marathon chasing a risk that isn’t relevant to you. Your goal isn’t just to implement PQC: it’s to eliminate quantum-vulnerable cryptography.

Start today by improving your cryptography management and retiring obsolete algorithms and protocols. Addressing Harvest Now, Decrypt Now risks, the product of cryptographic technical debt, is a current, tangible threat and a no-regret action that strengthens your security posture immediately. The knowledge you gain in this initial phase will help you assess and prioritize your next steps: building a long-term, sustainable plan.

In Summary

Analyze your threat model to understand where your real risks lie. Attack vectors stemming from cryptographic technical debt and immature management (HNDN) may be more relevant in the short term, and offer excellent opportunities to begin your transition.

In most cases, TNFL may also be more relevant than HNDL. Don’t rely on buzzwords or sales pitches. Make your own informed assessment.

Source: https://www.linkedin.com/pulse/why-harvest-now-decrypt-later-hndl-may-your-main-jaime-g%C3%B3mez-garc%C3%ADa-c9bnf/

Regards

Caute_Cautim

topic Why “Harvest Now, Decrypt Later” (HNDL) may not be your main concern in Industry News