> For the complete documentation index, see [llms.txt](https://gitbook.getloc.ky/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://gitbook.getloc.ky/harvest-now-decrypt-later.md). # Harvest-Now Decrypt-Later ### Harvest-now Decrypt-later An attacker in a harvest-now decrypt-later attack simply saves encrypted internet traffic with the intent to decrypt it as quantum computers mature in 5-10 years. Data like medical records, photos, and even browser history still has relevance in 10 years, and so is highly vulnerable to these attacks.\ In order to keep data secure for the long-term, sensitive data in a server's database *as well as* it's Key Management System (KMS) need to be secured with quantum-resistant algorithms. Otherwise an attacker can simply record traffic with the KMS and use it to decrypt traffic with the database Locky can be used to load an encryption key for sensitive data onto servers in a way that is secure from future attacks by quantum computers. This key is then used as an encryption and decryption key for data in a database, extending quantum-proof protection to the database. An adversary recording all traffic (or that gets ahold of a database copy) won't be able to later decrypt it with a quantum computer due to the algorithms in use by Locky. #### Types of Data that need protecting Sensitive data can be roughly divided into two categories: Auth and Personally Identifiable. Auth data is passwords, API credentials, server certificates, etc. Anything used to prove that you are who you say you are, and you can do what you are trying to do. Personally Identifiable data is names, social security numbers, pictures, documents, medical records, etc. This is information attached to a person that tells something meaningful about their life.\ While both are vulnerable to quantum computing attacks, Personally Identifiable data is more important to protect *today*. Most Auth data can be rotated and replaced with a new credential at any time. Quantum computers are not powerful enough yet to break encryption. A future quantum computer might be able to break old encrypted traffic and see an old credential, but if it has been replaced with a new quantum-safe credential it is no longer useful to an attacker. On the flip-side, people cannot simply 'rotate out' their medical records, pictures, browser history, or documents. Traffic that contains this information is vulnerable to being recorded and decrypted later, as this is information that has value both today and once quantum computers are powerful enough to break encrypted traffic. Personally Identifiable data is important to protect *today* from Quantum Computing attacks. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://gitbook.getloc.ky/harvest-now-decrypt-later.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.