# The Harvest Now Decrypt Later Threat Is Real

Attackers are collecting your encrypted data today, storing it and waiting patiently. Your credentials are vulnerable to future quantum computers, which Google estimates may arrive as early as 2029.

## A Glimpse of Things That Could Happen

For years, Ron thought his data was safe just because it was encrypted. Then on a random Tuesday, his medical records, social security number, private communications — everything he had ever uploaded to his secure cloud were leaked. The encryption had held, but attackers were silently collecting and storing his encrypted data for years. When quantum computers arrived, they cracked thousands of users' data in minutes.

## What is Harvest Now, Decrypt Later?

Harvest Now, Decrypt Later (HNDL) is a cyberattack strategy where attackers collect and store your encrypted data today. Even though they can't read it, they know that future quantum computers will be able to break through it. Shor's algorithm (1994) proved how quantum computers could break RSA encryption.

## How an HNDL Attack Works

- **Intercept** — Attackers intercept vast amounts of encrypted data like emails, sessions or cloud storage transfers without triggering alarms.
- **Store** — Although this encrypted data is useless to them at the moment, they store it and wait.
- **Decrypt** — Attackers will finally use powerful quantum computers to crack the encryption in minutes.

## What is Q-Day?

Q-Day refers to Quantum Day, the moment quantum computers come to life and break classical cryptography. According to Google and Cloudflare's timelines, quantum computers may arrive as early as 2029.

## Who is at Risk

- Government Departments — classified information, nation records and communications
- Military Agencies — national security data, confidential weaponry and nuclear codes
- Financial Institutions — transaction records, account credentials and customer data
- Healthcare Providers — medical records, social security numbers and insurance data
- Cloud Storage Platforms — proprietary research, private files or user credentials
- Legal Professionals — law firms, accounting firms and consultancies

## How DragBin's Security Protects You

- **Metadata Protection** — nobody (not even DragBin) can see your passwords, files, filenames, or folders.
- **Client Side Encryption** — files are encrypted on your device before reaching the cloud.
- **ML-KEM Keys** — post-quantum key establishment.
- **AES-256 Security** — trusted symmetric encryption standard.

## Post Quantum vs Classical Encryption

Classical encryption (RSA, ECC, AES) relies on factoring large primes — infeasible for classical computers, breakable by quantum. Post-quantum encryption is built on lattices and hash-based schemes that resist both classical and quantum attacks.

## Related

- [Post-quantum encryption](/post-quantum-encryption)
- [Client-side encryption](/client-side-encryption)
- [E2EE encryption](/e2ee-encryption)
- [Zero-knowledge encryption](/zero-knowledge-encryption)
- [Security architecture](/security)