After the short break caused by OWASP / Meetup issues, we are getting back with our OWASP Poland Meetups.
Our topic for this meeting is post-quantum cryptography. We have invited Ruslan Kiyanchuk, who is a well-known expert in this field, to introduce us to the problem in words understandable to the average IT engineer ;)
Then as usual, we will have a discussion about this topic.
Agenda:
1. Post-Quantum Cryptography without the hype: A Practical Overview for Security Engineers
Quantum computers and their threat to cryptography have generated significant hype and fearmongering recently. Flashy news outlets claim RSA can already be broken. But what are the real risks, and what is the rational way to address them?
This talk cuts through the noise to give security engineers a grounded understanding of post-quantum cryptography:
- what quantum computers can and can't break,
- how the new algorithms differ fundamentally from the classical primitives they're replacing,
- how to approach migration and what to prioritize,
- what the regulatory timelines for migration look like.
We'll cover the recently standardized post-quantum algorithms, analyze their properties (key sizes, ciphertext sizes, performance) to understand what makes them non-trivial to integrate into existing protocols, and examine how cryptographic protocols need to change to accommodate them.
Then we'll look at real-world deployments: OpenSSL, SSH, Signal, iMessage, and TLS 1.3 have all already implemented hybrid post-quantum key exchange, IETF drafts are shaping new PKI certificate standards, and YubiKey is preparing their first hardware security keys with post-quantum support.
You'll leave with a clear picture of the threat model, the algorithm landscape, real-world adoption, and the timelines we should target to have a comfortable security margin.
2. After the break, we will host a discussion: Everything you always wanted to know about post-quantum crypto, but were afraid to ask
- Should hybrid cryptography be the permanent end-state, or a stepping stone to pure PQC?
- How do we approach PQC migration for embedded systems and hardware with long lifecycles?
- Why does Safari still not support PQC key exchange?
- Is this threat real now, or can we prepare later, once the risk is "high enough"?
- How are others preparing for this change?
Our host is Relativity. Due to company policy they asked us to close RSVP one day before. So please - don't postpone the registration to the last day :)
Please RSVP and save the date!
If you have a minute, please share this invitation with friends and on your social media.