iang via cryptography <cryptography at metzdowd.com> quotes: >The problem in a nutshell. Surveillance agency NSA and its partner GCHQ are >trying to have standards—development organizations endorse weakening ECC+PQ >down to just PQ. Given that after 20 years and hundreds of millions of dollars spent researchers have yet to demonstrate a single legitimate cryptanalysis result using a quantum physics experiment, it's a bit like arguing over which brand of unicorn repellent is the most cromulent. The current state of things in terms of pure vs. hybrid systems seems to be: Governments = Pure: “We're putting all our eggs in one basket and hoping that the dial stops spinning at ‘not broken’” Everyone else = Hybrid: “We trust this new stuff so little that we're requiring you use the crypto that we claim is broken alongside it” Peter.