Марія Бровінська That's Life 29 November 2025, 09:48

Information apocalypse or Q-day — will quantum computers crack all the world's passwords?

Imagine: one day, all secret data — from government negotiations to bank keys — could become accessible. This hypothetical day has been called Q-Day. The day when passwords and all cryptographic algorithms will become vulnerable to quantum computing. And both hackers and governments are already actively preparing for it.

GIGAGROUP experts, together with dev.ua, analyzed how real the «information apocalypse» is and whether quantum computing poses a threat to cybersecurity.

How quantum computers work

Quantum computers are fundamentally different from conventional ones. If a classical one works with «zeros» and «ones» sequentially, then qubits are able to be in a superposition state — that is, to be both «0» and «1» at the same time. And thanks to quantum entanglement (the influence of one qubit on the state of another) and interference (focusing on correct solutions and rejecting incorrect ones), the quantum algorithm surpasses the classical one many times.

«It’s easier to perceive quantum computing as a colossal leap in the number of operations that can be performed per second. That’s why they become dangerous. The basis of modern encryption is the principle: encrypting information with a key is easy, but picking a key without a hint is incredibly difficult and requires colossal resources. Quantum computing breaks this logic. It makes key selection hundreds of times faster than any supercomputer,» explains Kyrylo Naumenko, GigaCloud Service Center.

Why encryption is at risk

Today, internet security relies on encryption, which converts messages into a set of characters that can only be recovered with a special key.

The most famous example of early cryptography is the Caesar cipher from the 1st century BC. It was used to protect military messages. The idea of the cipher was simple — each letter in the message was shifted a fixed number of positions. And without a special key, it was impossible to decipher the text.

Cryptography uses keys — special codes that determine the encryption result. Depending on the type of key, there are two types of encryption.

Symmetric encryption uses a single key for both encryption and decryption. Asymmetric (or public-key, RSA) encryption uses two keys: one public (to encrypt) and one private (to decrypt). Both types of encryption are essential for the secure functioning of the Internet.

But let’s get back to the main point: why quantum computing poses a threat to cybersecurity. First of all, because of the logic of the encryption process. After all, it is much easier to encrypt data with a key than to decrypt it. If you have the key, access is instant. If you don’t have the key, the task is complicated.

«To crack a password, you don’t necessarily need to know it. It’s enough to have its hash — a unique „fingerprint“ created by a special mathematical function. Then the computer runs millions of combinations and checks for a match with the hash. This is called brute force, and it works much faster than most people think,» says Kyrylo Naumenko.

The first «strike,» he says, will be on asymmetric encryption — RSA and ECC, because Shor’s algorithm makes key selection many times faster. Symmetric systems (AES) and hashes (SHA-2/3) will survive, but they need to be strengthened: use AES-256 instead of AES-128 or SHA-512 instead of SHA-256. That is, asymmetry, Kyrylo is convinced, will have to be replaced, and symmetry will have to be strengthened.

That is why password requirements are constantly updated. You can view the current requirements on the NIST website. If previously 8 characters and regular changes every three months were enough, today the minimum standard is 16–18 characters, otherwise your password may be picked before you have time to update it.

Another potential problem is if the password selection tasks are set not by a person, but by artificial intelligence.

«Imagine that AI sets itself the goal of cracking passwords. It will be able to transmit hundreds of tasks per second to a quantum computer, scaling the attack. And although this does not mean a literal „instantaneous crack“, the speed of the process will increase hundreds of times. Such a scenario is already reflected in the cinema: for example, in the film „Mission: Impossible — Fallout“, the artificial intelligence The Entity controls global digital systems and is able to crack any codes. So far, this sounds like fiction, but the threat looks quite real,» adds Kyrylo Naumenko, STO GigaCloud.

«Steal now, hack later»: a new strategy for hackers

Hackers are already actively practicing the harvest-now-decrypt-later tactic: stealing encrypted data now to decrypt it later. According to a Capgemini study, 65% of organizations fear such attacks, and 1 in 6 experts predict Q-Day within the next five years.

«A black market where you can order the hacking of any traffic is no longer a fantasy, but a completely possible scenario. That is why it is important to develop an „antidote“ even before the mass appearance of quantum machines. In the USA, NIST has already standardized three post-quantum algorithms to address such a threat — ML-KEM, ML-DSA, SLH-DSA. They are integrated into key services, from AWS to Cloudflare. But full implementation will take years,» explains Maksym Dumansky, CISO GIGAGROUP.

Consequences for business and the state

The quantum revolution will change every area of business. Familiar logins and passwords may disappear, and companies will be forced to rebuild their infrastructure.

«The emergence of quantum encryption will change every area of business. In my opinion, all variations of logins on websites (personal accounts) will disappear. The IT infrastructure of most companies will have to be rebuilt. The most critical situation will be with the state and banks. Perhaps a separate Internet network will be created for them, without access to the Internet. For example, this can be implemented thanks to dark optics to prevent data leakage and decryption,» says Maksym Dumansky, CISO GIGAGROUP.

Conventional data encryption will no longer guarantee security. What currently takes years to crack, a quantum machine will be able to decrypt in seconds. This threatens the privacy of online meetings, chats, and correspondence — and will force companies to reconsider their security policies, perhaps even returning some remote teams to the office. However, this should not be expected in the next five years. After all, the mass implementation of quantum encryption is a difficult and time-consuming process.

«Quantum computers are a fundamentally different technology. You can’t just take a Windows laptop and run a familiar program on it „in quantum mode.“ For each task, separate programs are written for qubits and a special development environment. This is a completely different architecture and logic of work. And it is unlikely that the appearance of a quantum computer will lead to cracking all the passwords in the world. After all, this is not its main goal. Some unique, „secret“ data of states — yes. However, hackers will not be interested in the data of ordinary Internet users in the first place,» says Kyrylo Naumenko, GigaCloud Service Center.

Quantum encryption is currently only possible on quantum computers, which currently look like bulky laboratory installations. But it is worth remembering: once upon a time, even the first decryption machines, for example, Enigma, took up several rooms. So it is quite possible that in 5–10 years compact devices with quantum capabilities will appear. However, for now these are only hypotheses of specialists.

A new solution from Ukrainian startup Haiqu removes the main obstacle to processing real data on a quantum computer

Quantum race: American and Chinese scientists almost simultaneously announced breakthroughs in the development of quantum computers

Are you ready for the quantum leap? The world is actively moving in this direction. Who is already creating quantum computers and when can we expect a technological revolution?