What is Harvest Now, Decrypt Later (HNDL)? We explain it all

At its core, HNDL is a cyber attack strategy where hackers steal encrypted data now and intend to decrypt it later. Why is this possible? The security of encrypted data relies on the computational difficulty of cracking it. Today, most encryption methods, such as RSA and ECC (Elliptic Curve Cryptography), are strong enough to resist current decryption attempts. But with quantum computing, that could change.

Quantum computers – still in development – work differently than classical computers. They use the principles of quantum mechanics to solve complex problems much faster. Tasks that would take today’s most powerful computers thousands of years could be done in minutes. This makes quantum computing a threat to current encryption algorithms.

A HNDL attack typically happens in three stages:

Not all data is created equal. Attackers don’t save everything. They save data that retains value over time:

This way, the data they save will still be exploitable when quantum decryption becomes possible.

You might think, “Why would anyone care about my data years from now?” The truth is data doesn’t lose its value overnight. Personal info like financial details, medical records or even private conversations can be used to commit fraud, impersonate you or violate your privacy. Businesses are even more at risk as stolen intellectual property, trade secrets, or customer data can have long-term implications.

For example, a hacker intercepting sensitive corporate communications today could uncover trade secrets or business strategies in the future and cause reputational or financial harm.

Quantum computers that can break current encryption are years away, but you can take proactive measures to reduce the risk of HNDL. Here are some steps individuals and organisations can take:

Google Chrome now supports the Kyber hybrid key exchange algorithm, a post-quantum cryptography (PQC) solution. Enable this algorithm, and you’ll add quantum resistance to TLS connections and an extra layer of protection to your encrypted web traffic.

You can do this in Chrome’s advanced security settings.

Private Public Key Infrastructure (PKI) certificates are used for authentication and secure communications. Upgrade your PKI certificates to PQC algorithms so your digital certificates will be secure in a quantum computing future.

Talk to your PKI provider about post-quantum solutions.

Long-term cryptographic keys such as signing or encryption keys are most vulnerable to HNDL attacks. Replace them with keys generated using PQC algorithms to reduce the risk of future decryption.

Start by replacing high-priority keys in your organisation.

Post-quantum cryptography algorithms are designed to be resistant to quantum computing attacks. NIST has already standardised several such algorithms, including Kyber, Dilithium and Falcon. Start transitioning to these algorithms to future-proof your encryption.

Even with advanced encryption, attackers can’t exploit data they can’t access. Minimise the storage of sensitive data, encrypt data at rest and in transit and audit data storage practices regularly to reduce exposure.

Knowledge is power. Individuals and organisations need to understand the risk of HNDL and what they can do to protect themselves. Cybersecurity training ensures your team can recognise and respond to threats.

Partner with technology providers and vendors who are working on quantum-safe solutions. So, your systems stay ahead of the curve as quantum technology evolves.

HNDL isn’t a future threat; it’s happening now. Quantum computing will bring many benefits, but we need to rethink how we secure our data. By using quantum-resistant technologies and being proactive, individuals and organisations can protect their most sensitive data from this looming threat.

Act now. Future-proof your encryption, educate your team and prepare for the quantum age before it’s too late. Cybersecurity is a journey, and what you do today will protect what matters most tomorrow.