.gif)
Unspoken Security
Unspoken Security is a raw and gritty podcast for security professionals who are looking to understand the most important issues related to making the world a safer place, including intelligence-driven security, risks and threats in the digital and physical world, and discussions related to corporate culture, leadership, and how world events impact all of us on and off our keyboards.
In each episode, host AJ Nash engages with a range of industry experts to dissect current trends, share practical insights, and address the blunt truths surrounding all aspects of the security industry.
Unspoken Security
How Post-Quantum Computing (PQC) Will Save the Internet
In this unfiltered episode of Unspoken Security, host A. J. Nash explores the looming threat quantum computing poses to our digital infrastructure with experts Robert Clyde, Managing Director of Clyde Consulting and Chair of crypto-security firm CryptoQuanti, and Jamie Norton, a Board Director at ISACA with extensive cybersecurity credentials. They cut through the technical jargon to explain how quantum computing fundamentally differs from classical computing and why its exponential processing power threatens to break current encryption standards.
"While current quantum computers operate at around 150 qubits, once they reach sufficient power, everything from banking transactions to secure communications could be compromised instantly," warns Robert during the discussion of "Q Day" — the moment when quantum computers become powerful enough to defeat public-key cryptography underpinning internet security.
Despite the alarming scenario, the experts offer practical guidance on preparing for this threat. They outline how organizations should begin implementing post-quantum cryptography solutions developed by NIST, emphasizing that proactive preparation, not panic, is the critical response security professionals should adopt today. Listen to the full episode to understand the quantum threat and learn the concrete steps your organization should take now before Q Day arrives.
Unspoken Security Ep 36: How Post-Quantum Computing (PQC) Will Save the Internet
Robert Clyde: [00:00:00] these quantum effects can be realized and worked with, and they're very different. We can do amazing things with them. Certain problems that certain mathematical problems and other problems that are difficult for quantum computers to solve can be, that might take thousands or even millions of years, be solved today or perhaps in the future with larger quantum computers in literally seconds or minutes.
AJ Nash: [00:01:00] hello, and welcome to another episode of Unspoken Security. I'm your host, AJ Nash. I spent 19 years in the intelligence community, mostly at NSA, and I've been building and maturing intelligence programs in the private sector for about nine years now. I'm passionate about intelligence, security, public speaking, mentoring, and teaching.
And I also have a master's degree in organizational leadership from Gonzaga University, go Zags. So I continue to be deeply committed to servant leadership. This podcast brings all of these elements together with some incredible guests, have authentic, unfiltered conversations on a wide range of challenging topics.
This is not gonna be your typical, polished podcast. My dog occasionally makes appearances. They're both in the other room today, so we're probably fine. People argue and debate here, we even swear sometimes. And that's all. Okay. I want you to think of this podcast as a conversation that you'd overhear at a bar [00:02:00] after a long day at one of the larger cybersecurity conferences, whether it's RSA, or Black Hat, or Defcon.
These are the conversations we usually have when nobody's listening. Now, today is different.
you may have noticed, among other things, there's three people on the screen if you're watching. So we have two guests today. I've only done that once before. And this is the first time where having two guests that are not geographically with each other.
It'd be interesting to see how all of our technology pays off. I will tell you tech check to start this program was a new adventure. But today I'm joined by Robert Clyde and Jamie Norton. So Robert is the managing director of Clyde Consulting, LLC. That is because his last name's Clyde. They provide, board and advisory services to cybersecurity software companies.
I. He's currently chair and board director at cyber, executive chair o of the board of White Cloud security and past chair of the board of directors for ISACA, a global professional association committed to advancing trust in technology. Now turning to Jamie, Jamie's got a stack of credentials, C-I-S-A-C I-S-M-C-G-E-I-T-C-I-S-S-P-C-I-P-M.
He's [00:03:00] collecting the entire alphabet. He is not leaving any letters for the rest of us. He's also a board director at isaka, and he is on the advisory board for ato, a cybersecurity startup, enabling informed and defensible data-driven decisions. Now, gents, impressive resumes. Anything I left out?
Anything you want to add?
Robert Clyde: I might mention I'm also, particularly for today's discussion, chairman of the board for, crypto Quanti,
AJ Nash: Oh, yes, I left that out. I'm glad you mentioned it. That is important for today's discussion.
Robert Clyde: discussion doing, post quantum cryptography and, security for the Internet of things. So an important one.
AJ Nash: It is. Yeah. I'm glad you mentioned that one. Anything I left out, for yours, Jamie? What's that, Rob?
Robert Clyde: Too many companies.
AJ Nash: That's true. How about you, Jamie? Anything I left out from yours?
Jamie Norton: No, I don't think anything too significant. I do moonlight occasionally, as, as a, with the Australian government, but, but for the purposes today, Asaka is
AJ Nash: Okay, that's very impressive as well. I don't moonlighting. I don't know, I see these resumes. I don't know how you guys have time to do other things on the side, [00:04:00] but, and I appreciate, that you had the chance, we actually had the chance to meet in person to prep for this. That rarely happens.
And as Rob mentioned, we're gonna hint, what we're talking about today. So today's discussion is gonna be about quantum, computing in a lot of ways, right? So today's discussion actually is quantum computing, breaking the internet and how post quantum cryptography, PQC is gonna prevent this.
I wanna jump right into the discussion on this. Listen, quantum computing is not my strength. This is not where I come from. As I said, I'm an intel guy. I'm learning as fast as I can, but, it is like drinking water from a fire hose. So I think the audience may, I, we're gonna have a whole range of people listening and watching this, I'm sure, and some will understand quantum better than others.
But I wanna make it, easier for everybody and I'll be the dummy in the room. So can you briefly overview, what we mean by quantum computing and how it differs from conventional computing? Rob, why don't you kick us off on that.
Robert Clyde: Sure. So I think the first thing to understand is that, the base of quantum computing is different than what we call [00:05:00] classical computing, which is all the computers that we use today. And the base is, if you think about it at the bottom are zeros and one, and the ability to do instructions based on. Those zeroes and ones, primarily Boolean logic related to zeros and ones. And from there we build up to all the higher languages and even artificial intelligence and everything else that is based off of something could be a zero or a one. And we call those bits. So imagine in quantum computing we have something different. not a zero or a one, and we call those cubits, Q-U-B-I-T-S. And what that means is that at the base of quantum computing, we have these quantum effects with cubits, which can be a zero or a one, and at the same time. the probability of whether they were resolved to a zero or a one is infinite. you could [00:06:00] also say they could be a zero or a one or everything in between, all at the same
AJ Nash: It's like Schrodinger's cat for computing,
Robert Clyde: You got it. Be, and then when you go to measure it, you measure the qubit, it resolves to a zero or a one.
AJ Nash: huh?
Robert Clyde: And so we have these principles, and I'm not gonna go into tremendous details because I'm not a quantum physicist, and I'm guessing most of our attendees are not quantum physicists,
AJ Nash: I'll be shocked if there's any. If there is, I hope they reach out and let me know why they're watch or listen.
Robert Clyde: and entanglement come into play. And the cool thing though is an interesting thing is to get these quantum effects to take place, you have to cool a quantum computer absolute zero. So the co the cost is not just the quantum computer itself, the unit that has the cubits and the ability to affect those, but in fact, the refrigeration unit to get it down to near the temperature of [00:07:00] outer space. Then these quantum effects can be realized and worked with, and they're very different. We can do amazing things with them. Certain problems that certain mathematical problems and other problems that are difficult for quantum computers to solve can be, that might take thousands or even millions of years, be solved today or perhaps in the future with larger quantum computers in literally seconds or minutes.
And so that's just a
AJ Nash: Wow.
Robert Clyde: That we're looking at really a sea change that's
AJ Nash: That's impressive. And for those who don't know, Jamie, I'm gonna have you jump in, with your thoughts on Quantum as well. But for those who don't know, what absolute zero is I realize many will. But if you haven't studied, chemistry in a long time or some of these things, absolute zero is 459 degrees in change below zero Fahrenheit.
It's 273 degrees and change below zero Celsius. I don't know these off the top of my head. This is why Google exists. I was able to look that up, but for anybody wants that in context, [00:08:00] so the computers have to run at this super cool temperature. At all times because they're computing so, so much, so fast, they generate heat is what I'm understanding.
And they would otherwise melt down if they're not kept as cool. So Jamie, what can you add to us when we talk about the difference between quantum computing and regular computing? Obviously it's exponentially faster. And therefore can solve problems exponentially quicker, if we don't melt down the systems, but can you talk a little bit more about the history of quantum, about the, how we've gotten to where we are today in quantum computing?
The value that goes along with that.
Jamie Norton: Yeah. And the quantum concept was originally theorized in, I think in the seventies. So it's been with us, for 50 years now. So it's not a new concept or even, new from an in innovation perspective. But we have, and we're still, it's fair to say we're still relatively in its infancy where, the quantum computers that exist today and they do exist doing some of the work that we're, we're starting to progress down this path. They're, 150 or less than 150 qubits as Rob mentioned, the
There. So we're, that's still by quantum terms quite. Small. So the
That, [00:09:00] that they're currently solving are still quite small, but where we are looking to the future is where the potential for quantum to be very disruptive, both in a positive and potentially a negative way is when we get those qubits and the processing power up above, the million qubits level which could happen rapidly depending on innovations.
We're looking at what innovations might provide that sudden escalation. And there's also a few other things that they have to solve as well. And one of them is around the error correctional, the noise that, that, that is created through the, the process.
So if we can get innovations in some of those spaces and there's this rapid acceleration, then all of a sudden, quantum could be much closer than we think. At the moment I think we could almost take, take bets on whether it's five, 10 to 15 years depending on some of those innovations.
So I think, for me, I think maybe somewhere in the middle there is where it'll land.
AJ Nash: Is quantum, is there gonna be a day when all of our computers are quantum computers? Is this gonna replace computing? Is this, is my phone gonna be a quantum computer someday? Or is this still gonna continue to be specialized? Obviously the temperature I would think would be one of the issues.
And I mentioned cost is another,
Robert Clyde: hard to wear that big refrigeration unit that takes the size of a small room
AJ Nash: but then again, if you [00:10:00] think about it, if you think about the big mainframes that we used to have once upon a time, it was a little hard to think you'd have that much power in the palm of your hand. So I'm with you. I don't think that's necessarily translates to temperature, but I'm curious.
Robert Clyde: absolutely people working on trying to have quantum computers without the cooling requirements. So maybe someday,
If it'll be in our lifetime when we'll be wearing one on our wrist, but you asked, will we only be doing
And most people feel no. that there are so many problems that a classical computer is probably better suited
We don't even have the typical programming languages. So think of what we write programs in software in today. Those don't exist for quantum computers. So you, if you ask a simple question, do you have to be a quantum physicist and really understand quantum principles program a quantum computer?
The answer is yes. Do you have nice high level languages? So think of the old days when you wrote an assembler or [00:11:00] machine code today's computers. would probably consider that task easier than programming a quantum computer today, just to
AJ Nash: Wow.
Robert Clyde: context.
AJ Nash: So there's no windows working on quantum. Then there's, these are not user friendly like that.
Robert Clyde: working on those higher level languages and ways to make it easier, ways to make it easier for the average software developer. So think
The software developers on the planet. Most would struggle to program a quantum computer today. So
Enough software engineers to do it, even just interconnecting classical computers in quantum computers is not straightforward.
That your typical high performance computing centers think of some of the largest super computing centers in the world. Those are the kind of places that are working with quantum computers and attempting to find ways by linking them to classical computers to make the overall system easier to access, easier to [00:12:00] program, et cetera.
Of the foreseeable future, we will generally see quantum computers other than a few specialized use cases used in conjunction with classical computers.
AJ Nash: Okay, Jamie. Now Jamie, you had mentioned the quantum, obviously quantum is growing. You both have said that and it's, in its infancy. But you mentioned we're already using quantum computers to solve some things. Like what are applications right now? Where are we seeing quantum computers change our lives in ways maybe that maybe I wouldn't know that maybe the average person wouldn't even realize is happening?
Jamie Norton: Yeah, I think it's, we are still from what I've seen very much in that, developmental research phase. So the use cases tend to be more doing some pattern matching type things, some sorting type stuff. Clocks I think 'cause an interesting use case, in terms of using it for time. So I think that fairly discreet kind of niche areas at the moment as we test and as I said, the error correction and some of these things are become problematic even at those levels where they're trying to manage.
Software essentially on top of quantum to account for the fact that it's getting so many, there's so much noise within the sphere.
But, as that ramps up, I [00:13:00] think the applications are gonna, increase dramatically. And things that take a lot of computation today and take traditional classical computers a long time, will become much, much quicker to, in instrumentally quicker, under quantum.
Robert Clyde: Yeah. Yeah.
AJ Nash: All right, then that leads right into the next question then. Because we're trying to figure out what's happening and as you said, we're in infancy today, but there are some things, progressing, but then there's challenges. But what do we mean then when we're saying that quantum computing could break the internet someday?
And when is someday? Listen, just for those who weren't there for the prep call, which is everybody but the three of us, these gents introduced me to the concept of Q Day, which if you don't have anything on your plate right now that scares the hell out of you for the future, feel free to get really acquainted with Q Day that they're about to talk about here.
'cause there's a whole nother thing you can worry about when you go to sleep at night. Again, what do we mean when we say that quantum computing could break the internet someday? Jamie?
Jamie Norton: I'm happy to start off and I'll let Rob talk about Q Day, but, yeah there's a, an algorithm called Shores algorithm, which is, has been around also for a little while and hypothesizes, or provides a way, it's not hypothesis, it's actually a proven algorithm, to, [00:14:00] basically factor, prime factors create prime factors and of large intes. Which is exactly the thing that, that our public key cryptography is based around.
If there's an ability to reverse engineer our, those algorithms and end up with the intes or the keys essentially that the building blocks of our public key cryptography, then all of a sudden we have a problem. And with, quantum, there's, the potential to actually be able to do that algorithm, with the sizing of the numbers and the sizing of the key space that, that is currently present in our sort of 2 0 4 8 or 1 0 2 4 bit sort of public key keys. So the challenges I guess, as we go forward. If Shaw's algorithm suddenly becomes a reality then, a lot of the underpinnings that we have in terms of cryptography on the internet in terms of public key, so our web based transactions, our banking transactions,
At rest, a whole range of things become at risk.
And in terms of the sort of the raw numbers, as I said we're at less than 150 qubits today. I think it's around, give or take that 15 to 20 million qubits, we start to, sure algorithm starts to be something that becomes reality.
We're still a little way away.
But [00:15:00] the challenge I guess is that, that's coming in a space of time, five years, 10 years. So we know we're within the frame, depending on innovations and depending on what happens in the broader research space. But from most people's perspective, it is coming. So the question is, we should start looking at that and having a plan today.
'cause it's, it's gonna be happening next
Next short while.
AJ Nash: So just to clarify the numbers and Rob that, I'm gonna ask you to follow up on this, how many qubits are we at today in quantum computing? Roughly
Jamie Norton: believe we're with, some of the ones the IBM and other ones are sitting around that just below one 50 qubits.
AJ Nash: about 150. And you're saying how many do we need before we're. Looking at disaster, essentially if something hasn't changed.
Jamie Norton: Again it's, open for debate, but, I've seen numbers around that sort of 15, 20 million mark for sures algorithm.
AJ Nash: Okay.
Jamie Norton: There's definitely things though that start to kick in from that million qubit mark, north of
AJ Nash: Okay. So 150 to a million does seem, I mean as a layman it seems like a pretty big gap, right? But I, is this something we're expecting it to? Does this pick up speed? Is this like momentum? Hey, getting from one to a hundred is really hard, but then a hundred to a thousand gets easier and a thousand to [00:16:00] 10,000 gets easier still.
Is that sort of the thought process here? 'cause otherwise I'd be looking going 150 to a million. I won't spend a lot of time thinking about this, but I have a feeling based on our previous discussions that this is picking up speed. And that's a, that's why we should be concerned now.
Robert Clyde: yeah. D-Wave just announced a thousand qubit system, for example. Whether or not that system is capable of implementing Shore's algorithm is open to. Open to debate the, it's interesting because the qubit question really depends on, do we mean by we call logical qubits, or in other words, qubits that are not subject to errors
Are subject to errors.
And because of that we need more qubits. That's why
Need 10 to 20 million if we just go on today's course and speed. Interestingly enough, if we could get three to 4,000 logical qubits, in other words, error free qubits, you could implement shore's algorithm to break the internet
AJ Nash: Oh, that gap just got a lot smaller. 150 to a to millions. Sounded a lot better than 150 [00:17:00] to a few thousand. And there's my nightmare fuel. Thanks. This is great.
Robert Clyde: is a breakthrough,
AJ Nash: Oh. Oh, good.
Robert Clyde: in so many areas. Do we know when that breakthrough will happen? No. Do we know if it will happen? No. If it doesn't happen, then we just consider, continue on the scaling trajectory we're on right now. It's more likely to be more in the decade kind of range before we get to this issue.
My own opinion, by the way. You can
AJ Nash: Sure.
Robert Clyde: others. However, I am a big believer in breakthroughs. We keep having them. We had a big one in AI when, for most of us it was seemed to breakthrough when chat GPT
AJ Nash: Yeah. Sure.
Robert Clyde: tell you, the breakthroughs were happening behind the scenes years before, but they were happening it went unnoticed by many of us.
So it shocked us with how quickly AI will get here. My own prediction is we're likely to see the same thing with quantum computing, and it could be a bit of a shock. Let's also [00:18:00] remember governments are heavily behind this effort.
Certainly has a major effort. The US government is intensely interested.
This, I'll just ask a rhetorical question. When we have a quantum computer powerful enough to break the internet. Will we even know it or will it be kept secret by a government?
AJ Nash: That's a good point, right? It depends on who gets there first, and that doesn't necessarily mean there's good guys and bad guys. I don't care which side you're on, everybody wants to get there first, right? Nobody wants the other side to get there first. It's, this isn't, there's no right or wrong answer onto who should get there first.
It's just gonna matter of who does get there first, and then how they choose to act. As you said, are they going to be public about this or are they going to be quiet about this? And meanwhile, they have taken apart all of the they've overcome all of the security protocols, all the thing, all the underpinnings of the internet, and now suddenly have full access to everything that we think is secure and don't tell anybody about that.
And I have no misgivings in saying that could just easily be our government as [00:19:00] anybody else's. Governments are pretty good at getting a strategic advantage, informational advantage. Coming from a guy who spent, almost two decades at NSA, and not telling people that's part of government's role sometimes.
I wouldn't be more or less concerned, depending on which side ends up with it. But Rob I gotta have you define Q Day then. So you know, what happens if we get to Q Day? First of all, explain what Q Day is and then you know, what the challenges are. What happens if we do get there?
Robert Clyde: Yeah. So Q day is the day when we have a quantum computer powerful enough to break the public private key that the internet is based on today. And to give you an idea, the underlying math for today's internet is really very simple. is either based on the problem of factoring very large semi prime numbers into the two prime numbers.
So think of 15, the semi primes are three and five, and you and I in our heads can factor that very quickly. imagine a huge number, hundreds of [00:20:00] digits long. Is put together by two other huge numbers. You and I can't factor that
AJ Nash: No.
Robert Clyde: Guess what? Neither can today's computers. So today's internet uses a 2048 bit key
And that's both for digital signatures and is a way to do the key exchange to set up, say, a secure session when we are going to buy something or do a transaction on the internet. So once the, to do the key exchange and we get to symmetric keys, that encryption is better
Quantum computing much longer to get to. But to break the internet, we don't have to break all of symmetric key, which will take longer. By the way, there's another algorithm for quantum computers to have a speed up for it as well called Grover's algorithm. But that algorithm will take longer both shor's algorithm and Grover's algorithm work. These are not theories. They work. Shor's algorithms actually been implemented on, today's quantum computers and can break. [00:21:00] Quickly factor small semi primes or there's another method using logarithm. Same kind of principle though short
Will break both of those for all of today's public private key. So the day that happens when the public private key encryption that we all use and it's crucial. Without it, we can't exchange the keys for symmetric key encryption. Symmetric key means, if you and I were talking, you and I both have to know the key.
In the old days, one of us got on an airplane with a briefcase attached to our wrist with the key inside.
Literally that's how banks and others exchanged keys
AJ Nash: Sure.
Robert Clyde: and That would be impossible to have an internet. Think of it, it would be impossible to have the internet today if we didn't have a secure way without getting on airplanes to exchange keys.
AJ Nash: Sure.
Robert Clyde: it's absolutely crucial. It also gives us the way that we can prove that.
I can prove to you it's me and not a fake me. So I have di we have digital signatures as well, and I know I'm talking to my bank and [00:22:00] giving my credentials to my bank and not a fake bank.
So Q day is the day when that's broken by a quantum computer.
AJ Nash: And then that means that whoever does that. Could do all these impersonations so I could be certain that I'm dealing with a bank, because that's the encryption I've always believed in. And in reality, I'm dealing with somebody else. I would assume nation state, because I don't think Bob down the street's doing this.
But now a nation state's actually in there, so they could take my money or they could take my information and it would be all of the things that we currently consider secure on the internet. Because, once upon time we thought 2048 was, was unbreakable. Nobody's ever gonna be able to.
To handle that. And it's funny how no matter what we think is impossible as humanity, we continue to make the technology that makes those things obsolete. And then we have to find a new thing that's even better. For anybody who wants some real light reading I highly recommend checking out Grover's algorithm.
I'm over here reading it on the side. And if you didn't like Shore's algorithm, you're gonna love Grover's algorithm. But no, it's, it actually talks about, quantum search algorithm. It's, it's very interesting talking about the high probability with searches. So as somebody who's not a mathematician, I actually, it is interesting.
But it's, [00:23:00] all of this is fascinating, right? I, all of us use the internet pretty much. All of us, use the internet every day all the time, right? We're on it right now. It's on my phone, it's everywhere. And I don't think most people understand myself included, by the way, how most of this works, right?
I say that and people are gonna go, Jesus. He is. He is in cybersecurity. He doesn't understand how the internet works. I understand the basics of how the internet works, but really, I. The complicated factors. I don't just as I honestly don't understand when I turn the light switch on why electricity actually works and my, I didn't take the time to learn these things.
I'm not an engineer. I trust these things. I know enough. But it's fascinating when you dig into these details, with experts like yourselves, who, by the way, I appreciate you've been able to make this as simple as possible. I do understand it a bit at least, it's 'cause it is very complicated. But, but it's fascinating to see, what's happening in this constant game of evolution of technology, and how we're challenging ourselves to, to be better with these things.
Jamie Norton: It's interesting too, as, and we've been, we've touched on the military aspects that and largely the civilian aspects. But if you look at history, the, in terms of the world wars and other conflicts that the breaking [00:24:00] of codes and crypto is at the heart of. Human conflict over, over many generations.
You've gotta imagine in terms of what's driving some of this innovation is the fact that if you can break codes and reverse, cryptography on a, in terms of conflicts, then that absolutely is a, an advantage for whoever can do that. As you say that, that's probably a key factor in driving some of this innovation.
And you'd imagine, how some of these breakthroughs might actually start to happen because there'll be aspects that will be, advantageous for nation states.
AJ Nash: Yeah, that's a good point. Listen, if China or the US or the governments are working hard at this, which we all know they are, it probably is not actually to steal money from my bank account, north Korean government, I'm sure they'd have an interest in that. That's part of their business plan. But they're probably a little further back on Quantum, if I had to guess, based on, I know of North Korea.
But, but yeah, breaking it from a military standpoint, it, this reminds me going way back to the Enigma machine. And how that changed World War ii. The Germans felt that they had really solid, encryption and that their, they had a key, and it was, their code was unbreakable.
I guess everybody thinks your code's unbreakable until somebody breaks it. And, it was broken, by [00:25:00] allied forces. And so then we understood what the Germans were saying and where they were going, and their u-boats started sinking, surprisingly. And it changed the war. So this is obviously on a much larger scale, but you make a very good point when you mentioned, governments and military.
The military and the governments, they're not interested in doing this. They can steal our money. It's, it is for advantage, right? If I continue to believe I'm speaking encrypted again as a guy who spent a lot of time in NSA, I'm very familiar with encrypted comms and I'm very familiar with people who believe they're on secure communications and it turns out they're not.
And, in war times, those people end up having, much shorter, times on the battle battlefield, the battlefield. So there's huge advantages or disadvantages if you're on the wrong side when it comes to this from a nation state standpoint. It could change obviously wars, it could change, peace time negotiations.
If you're gonna go into negotiations for you're gonna have bilateral talks or multilateral talks at the UN or NATO or something like that. It's really advantageous if you already know what everybody else is gonna say before they get there. And you might know that because they've had all these conversations that they thought were encrypted while they talk to each other to make their plans.
And it turns out somebody's listening because they've [00:26:00] broken encryption and haven't told anybody. So yeah there's all sorts of applications that, that I, that hit home for all of us. I think that's certainly myself that go beyond just like our daily life. So I guess the big question then, so the technology's advancing.
Q Day is coming faster than maybe we wanna believe. How do we avoid breaking the internet? Because, 'cause I kinda like the internet and I'd like to continue to use it. So how is this gonna be stopped? How are we gonna avoid doing this, Jamie?
Jamie Norton: This is, this is I guess the interesting piece and, Saka has been, very interested in this exact question we did. So a little bit about Osaka. First of all, we are, we're, the Ggl, a global professional association focused on digital trust. Audit, cybersecurity and governance is our key areas.
But we're also very interested in, AI, quantum and some of these other technologies and innovations and we surveyed our, constituents and, some really interesting responses we got back, in terms of just where quantum sits, in the. Broader, the broader, ecosystem, and I think the majority of our, certainly the majority of our [00:27:00] surveyed, members were aware of quantum and aware of some of the risks. I think 62%. So that was really a positive. I'm still a little bit concerning that 40%, not aware but we're past that halfway mark. What was really concerning is only 5% at the moment are, doing anything.
So they're only their organization, only 5% are doing something about it.
We do have this, this gap, called quantums. We're talking about it here today, but it is still very much a bit of an under the surface, problem for most people. AI is taking up a lot of that vacuum of discussion and, sitting there.
And, it's becoming, becoming more of an issue as we get closer to Q Day, but, interestingly we also have this concept of, harvest now dec cripp later, which is another challenge that we work with. And that's, again, if we're talking nation states, we know that nation states harvest data and on every, on citizens, on, on
So that's potential to decrypt those in five or 10 or whenever Q day, finally hits as well, so that timeline becomes a concern which kind of pushes forward the preparation to, to more now or over the next little while, rather than waiting until Q Day is honest. And then there becomes a bit more of a mass [00:28:00] panic.
Interesting dynamic. Definitely the. From my perspective, the how do we avoid it as we, we start now? And as organizations the key thing to start with is education and actually, understanding what the challenges, this
Great. It gives, some really good background.
And then just making sure that not only as practitioners we're educated, but our executive educated and organizations in general have an understanding that, that this is gonna become a problem if we don't start to action it now.
AJ Nash: And so it, with almost everything, in cybersecurity, our first response is education. And for good reason. It's always true, right? How do we stop phishing? We gotta educate people on what phishing attacks look like. How do we stop, malware, pick a thing, right?
It always starts with the users. 'cause the users are, the problem usually. So we start there, but I'm curious in this case, my guess, I don't wanna put words in your mouth, but this one's a little different. It would appear to me, we're not gonna try to educate everybody on quantum.
It seems impossible. I consider myself relatively bright. I've been in the industry for decades now, and I barely understand this. I'm certain that my, [00:29:00] relatives, grandma and whatnot are not going to it's not gonna be the same and this is it. We can't get them to understand phishing still.
So when we talk about educating our stakeholders, where are we drawing that line? Obviously government leaders, the, the people who have the power, to invest in, in the solutions to this, if they don't even understand them, at least they have the power to make decisions, legislation, that kind of a thing.
And then tactical experts. But where do, where's the line? Who are the stakeholders here? Who are the people we have to make sure understand this and are working on it? And then the rest of us are just gonna be dependent on those smart people keeping us from losing the internet,
Robert Clyde: yeah certainly it would be cybersecurity professionals and absolutely certain that CISOs understand. And, also it auditors the people who are going
Assure the systems regulators. Yes. Board of directors, management has to understand at a high level the risk. I would say probably not much deeper than what we just discussed on today's podcast, is the level of understanding that yes, there is a risk Day is coming, it will come. The [00:30:00] question now is, and there is good news. NIST has known about this issue for a while.
AJ Nash: Good.
Robert Clyde: they've been working on this for almost a decade and, many potentially solid algorithms that would be, able to not be subject to shore's algorithm,
Have been proposed. Large number over 60 that the N NIST looked at and that cryptographers all over the world have looked at over the last decade. They came down to three. Now that our sta our, we actually have FIP standards,
Just like we have FIP standards for the encryption that we've used previously. so you can now actually implement those algorithms for both digital signatures for public private key encryption. So for doing the key exchange. And then when it comes to
Key and Grover's algorithm. The simplest today is just simply increase the key size. So even with a quantum computer, a Grover's algorithm has trouble as you keep increasing the key [00:31:00] size shore get shore's algorithm just increasing the size, say from RSA 2048 to RSA 4,096, once we have a large enough computer, it's not gonna make much difference.
So shores algorithms, the bigger problem in public and private key that underpins the internet. So we have these algorithms, they are starting to be implemented and so a lot of the march to preparing for Q day is about, okay, what's the right process to take so that we can all begin moving to post quantum cryptography that is not based on factoring large semi primes or certain logarithmic problems, but encryption that actually the largest quantum computer isn't gonna break. That we, fortunately, we have those algorithms. We have new mathematical algorithms that are out there. There's actually a couple more coming, a couple of backup algorithms that NIST is working on, just in case [00:32:00] a cryptographer somewhere figures out a genius way to break it. Always a possibility. So nice to have a backup that we can quickly move to as well in case that occurs.
AJ Nash: It's, that's all very encouraging, right? It, it's all still very scary, but at least this is encouraging and it's good to know, that you've, we've got a good definition of the stakeholders. Like I said, if this was dependent on, our relatives and friends around the world being able to understand this thoroughly, I think we're in a lot of trouble because phishing is still.
Very effective. And it's very simple comparatively. So it's good to know that the stakeholders are understood. It's good to know that NIST has been working on this for a long time and, there's a lot of things that go on in the background that most people don't know about.
That's how the world works, and that's a good thing, I think. So two things I wanted to mention first, for those who don't know I should have said in the opening, we keep saying isaka, it's I-S-A-C-A for those who know, that's the Information Systems Audit and Control Association. I should have defined that for everybody.
I don't think everybody knows that it's very important, organization though. So if you're not familiar with isca, please check it out. As most people know, don't do a lot of [00:33:00] plugs on the show for companies like that. But that's not what ISCA is. This is a, an association.
This is important. And what we're gonna talk about and some of the solutions that go along with this I highly encourage people, who wanna know this better or a stakeholder as was defined here, to reach out to Isaka on this. I know that actually you guys developed a new, preparation checklist that walks through some of these things.
Can you talk a little bit about the checklist, what's in it and how, who it's designed for and how it's gonna help?
Jamie Norton: Yeah, so Saka has pulled together a checklist, which is available on our website@saka.org. And it's distills down, all that we've been talking about today into a very simple kind of, checklist of things to do, to become prepared for, for. Q day essentially.
Or at least for the quantum challenges that are coming forward. So education's definitely part of that. And then that next phase is where we, I say start to eat the elephant. It depends on the size of the organization, but it's really understanding where you have those crypto, particularly public key, usages within your organization, whether they're repositories or whether they're, transactional.
But start to identify those and start to build out a plan of how, as [00:34:00] Rob, Rob said, you can move that towards post quantum cryptographic algorithms. So it's, it may sound like it's, this quite challenging esoteric concept, but the reality is the rubber hits the road and we can start to identify where in the environment we have. Exposures to, to traditional crypto, triple, and then have a plan to start moving that through over the next period of time. So it's not something that needs to be done, it, it needs to start today. It doesn't have to be
But it has to be something that's in focus over the next little while.
So that when that day arrives, or whether it's five years, whether it's 10 years whether there's in innovation tomorrow and it happens next week it's definitely, from my perspective, it's coming and, being, being as well prepared as we can and having a good understanding of, what's at stake, I think is really important so that we can achieve a good result.
AJ Nash: Let's hope it doesn't come next week. None of this sounds like something we're ready for. So I'm, this is a rare occasion where I'm gonna root against science having a breakthrough I'd like to see that not happen for a while. I guess this is, maybe teleportation would be another one that comes to mind that I'm in no hurry to see happen.
That could be some other generation that, that manages those problems. So a couple of thoughts. I wanted to, pose these were not things you were prepped for, but [00:35:00] in going through the discussion, again, we've talked about this is complicated, right? In general terms, it is not if you're a quantum physicist, but for the rest of us, this is somewhat complicated and and that's fine.
But for the rest of us who are so dependent on the internet for everything, right? So it puts you in a position where, okay, there's something very bad that could happen. There's a lot of very smart people that are working on solutions to this. Most people are never gonna understand this with any real depth, myself included, frankly.
And so that requires you to just have some faith and trust in science, in technology, in good people, which historically has not been a problem. We're in a different part of history right now, it would appear. How do we manage those challenges? If we have people that just don't understand this and now and refute it and say, oh, this isn't happening.
It's, it's a hoax or it's, somebody's just doing this 'cause they want money. We're doing it at a time right now with a lot of government funding is being cut and I think sometimes in cases where people just don't understand things, so they think they're waste. I, is there a re a risk, or, and I don't wanna make you this into a political discussion, I'm not trying to put you guys in a, on a hot seat when I say this, but is there a risk in that [00:36:00] area of ignorance, resulting in lack of faith or trust and confidence in these things? And then undermining all of this and putting, our country, or any country for that matter, at a disadvantage?
And if so, are any thoughts on how to counter that? How do we educate even the average Joe, like myself enough to have faith in science and technology on something that is instrumental to the future of all of us if we wanna continue to use the internet?
Robert Clyde: Yeah, I think part of it is most people don't know how today's cryptography works and why the browser is safe.
AJ Nash: Yeah. Up.
Robert Clyde: part of it is just ex explaining it in simple terms. As I try to do using five and three
And now imagine that you got this really big number, takes millions of years, and all of a sudden you can break it in seconds.
Now we're in trouble. for most of us, for say my children who are not into, many of them, not into technology, they're just going to one day be [00:37:00] using browsers and going to sites and unbeknownst to them it's gonna be using post quantum cryptography. Instead of the method that's being used today, and this is already being worked on. So if you already have faith in the major providers of browsers and the major websites that you're going to say your bank say where you buy goods, et cetera, are those places are gonna move along as quickly as possible. we're gonna struggle is as you get a little more fringe and it's gonna be slower and I would just suggest we're a little more dubious of some of those sites already,
And maybe with good reason in the future if any of us are in a buying position. Simple questions to ask of vendors who provide a software in particular or sell us the Internet of Things, devices.
So say a security camera. So imagine you buy a security camera, it's cheap, it's great, [00:38:00] but quantum computing can easily break it. And you could use quantum even through the cloud and the cloud service someday in the future and easily break it.
That would be a big mistake. So we're gonna wanna start looking for certifications and you will be able to get certified against these FIP standards. That's what they are. They're certifications. You can go through and start just simply if we're in a buying position, asking our vendors, are they certified against the NIST post quantum, cryptography algorithms with this specific
Are there.
It's not difficult. We do that today. Those are easy questions that we can ask of our vendors. We don't have to be brilliant to do that. And we can, if we are in a position of control over our own teams, when it do does come to cybersecurity there are important questions to ask as Jamie was saying about. The state of our encrypted data relative to that, and that go beyond just education. And now we gotta start making plans and figure out [00:39:00] what we do first and what the prioritization is. And there's a lot of relative to that. It, this is not so hard to do and we don't have to be a quantum physicist to figure out how to do it.
This is straightforward process and security stuff, not that different than we all did for say, Y 2K in terms of the kind of process and thinking that has to be put in place. The one difference is we don't know what the date, the actual date is for Q Day.
AJ Nash: That's a good point. Jamie. Anything to add to that?
Jamie Norton: Yeah, I think there's, we've seen with the survey results, which are also available on, on our website that there's definitely an, an amount of inertia here, which, which is not unsurprising, but it's still there. Nonetheless, that, that inertia that just taking make, taking the steps to start the preparation and getting across what the issues are.
As you say, we, we are not all quantum physicists, but it doesn't take a lot to become aware of the challenges and aware of what the implications are. I take your point too, that there's often a fair amount of skepticism when we're trying to shift, mindset. And, the other interesting dynamic [00:40:00] here, which we haven't touched on, but with a, with a. Potential, crypto, the privacy aspects I suppose of crypto. And if that's, if data becomes very, accessible in a very quick time sensitive data sets, then you've got privacy issues. And if you look at GDPR and some of these things there's these big rocks coming for companies that aren't moving to more, quantum resistant or post quantum encrypt, encryption because data sets suddenly become potentially harvestable or accessible.
And if you're looking at privacy of user information, you're looking at all of these aspects that all tie plate we rely today on, on, and we assume privacy of our data when it's at rest or wherever it is on the internet. That's an ongoing challenge, obviously, that we're fighting with today.
But that privacy aspect is a fundamental aspect and, this whole issue plays right into that in terms of ongoing privacy of data and whether it's consumer data, whether it's business data. So I think the time to act is now. And, I think we. I want to get across the issues and be aware of what's coming down the path professionals.
AJ Nash: Yeah, it's really a fascinating topic. It's, i'm in a, I'm in a lucky position doing this show because, some topics [00:41:00] show up and I just know what they're gonna be and they're gonna be easy to talk about and I understand them well. Something in inter in international relations, something in, in, in intelligent things.
I grew, I've grown up doing, for years. And then every once in a while I get a show where somebody brings me a topic and I'm just like, I don't know anything about this. And it also may or may not be interesting. This is fascinating though, like the more we talked in prepping for this, I don't understand as much as I'd like to, but I understand more than I did.
And maybe in a sense I wish I did know because I'm a little scared. But, but it is fascinating to recognize what's happening, and that escalation, the speed at which technology changes, right? That we can go from 15 qubits and it could be a thousand and who knows where it goes from there.
And maybe it doesn't take millions, it takes a few thousand if they're really good as opposed to being, noisy, to get someplace. So I gotta ask the obligatory question, that goes along with all this. Where does AI fit into this? It, Rob, you mentioned a while back, the challenges in programming, for instance, the qubits, computers, quantum computing isn't like computers we use every day.
We don't have windows, we don't have, iOS, right? It's a [00:42:00] totally different system and it's harder to do. And most people in the world can't do this. What about ai? Is this gonna be another thing where, I'm sure somebody's gonna sell it, like whether it's real or not.
Let's face it, this will be the heart of some company relatively soon is gonna be AI writing code for quantum computing. If somebody hasn't already put that on a billboard somewhere, I'm sure they will, but what are your thoughts there, if any, and maybe AI doesn't apply and just tell me it doesn't.
I'd be thrilled. But what are your thoughts there about where AI is gonna fit into this, going forward? Because, having just come back from, RSA conference, everybody's got AI and everything now is that the solution to this or is that the danger.
Robert Clyde: Yeah, AI actually has several aspects relative to quantum computing. One is the one you mentioned of actually RA writing, the quantum computing code. Will that happen someday? Absolutely. We're already at the day now where AI can write conventional code. I want to emphasize, most developers say maybe it does about half the job.
AJ Nash: Yeah, it's pretty bad at it from what I understand still.
Robert Clyde: And let's remember I was a programmer when I [00:43:00] started my career. I'm the first one to tell you when you still have 10% of the code left to do, you're about halfway done.
AJ Nash: That's right. Yeah. That last bit matters.
Robert Clyde: you're like 20% done. You're not even close to done. So I want to temper that with reality that, than specific problems, is still not, it's helpful in writing code, but it's got a lot of work to do to get there and it'll have a lot of work to do to get to writing quantum computing code.
And it's almost certainly part of the answer though, for us getting there. Because of the quantum natures of quantum computing, it is ideally suited to certain aspects of ai.
Computers.
Something that ai, we ask AI to help us with constantly think of the traveling salesman problem, very hard to solve, in, on a conventional computer in any reasonable amount of time. So we don't usually do it. [00:44:00] Now you could do it easily with a quantum computer and have been able to do for many years. So AI will be running on quantum computing, very good at pattern matching ideal for ai. And then finally, a last aspect. What slows this down on ai? If we just ask that question much like we asked, what slows quantum computing down from growing faster and brought up the issue with error correction, of course, the cooling, which keeps it from being ubiquitous and ever wearing one on our
So what slows AI down is the sheer size of the data centers and the energy consumption that those data centers require.
Interestingly enough, while it sounds very expensive build the refrigeration unit for a quantum computer, here's what's unique. As we build larger and larger classical computing data centers, they require continually more power. So much power that many of the largest ones are the same powers as small city. And we're talking about now small nuclear reactors to [00:45:00] power those data centers with a quantum computer. Once you've spent the effort to get it down to absolute zero with your refrigeration unit, add as many qubits as you want. You don't need additional power.
AJ Nash: Really?
Robert Clyde: the power is static. It's fixed
AJ Nash: What about the power to keep it at absolute zero though? If you're adding more computers, you're adding more heat.
Robert Clyde: Qubits, this is what makes it cool. As you add more qubits, you don't need more refrigeration.
AJ Nash: Huh?
Robert Clyde: It's amazing, isn't it?
AJ Nash: That is a, yeah, that would not have been my thought. I was figuring it was gonna be a constant growth there.
Robert Clyde: so the reality is quantum computing could actually be one of the answers for today's power hungry data centers, especially for ai. Because once you've, even if we still have to cool the absolute zero, that cost is fixed. So we can get ever more powerful without having to consume more energy.
Argue quantum computers are quite green.
AJ Nash: But can [00:46:00] I crypto mine with a quantum? With a quantum computer?
Robert Clyde: That's a very interesting question. So today, Shore's algorithm is not the what you need to help you, and more importantly, could you break blockchain so that all the crypto is
AJ Nash: There's the question. Yep.
Robert Clyde: question. So the quick answer is no. Shore's algorithm is not the one that will let you break block blockchain. However, there is risk just that other things will come along that will let you do it. Almost certainly with some work. They might help you crypto mine faster, thereby
The value By the way of those coins.
AJ Nash: Sure.
Robert Clyde: risk there as well. So yes, quantum computing could pose a potential threat to far into the future, I don't wanna say soon,
Into the future for the cryptocurrency that we're using today. Very important that we begin to use post quantum cryptography and methods like that embedded into the blockchain and ensure that the blockchain [00:47:00] is as quantum resistant, if not quantum proof as we can make it.
AJ Nash: It's amazing. We're living in a sci-fi future. We're talking about cryptocurrency, fake, fake money. Like for lack of a better way of putting it. No offense to anybody. I've got some as well, but money that's made out nothing. Essentially we're talking about ai, the future is merely here, and it's not human anymore.
Apparently. We got crypto computing on top of all this and just as we've spent the last few years, talking about blockchain, blockchain's the answer for everything. It's gonna make everything safe and secure. Nothing's gonna be able to break it, et cetera. And now we're like, wait a minute.
Crypto might come, crypto computing might come along, and and that might break it. Quantum computing might show up and break crypto just like that. This, all this trillions of dollars of valuation in crypto and everybody's been very excited about it. And maybe it'll be fine, but also maybe quantum will have a breakthrough and somebody will just come in and take all your coins, and all your magic money will become nothing again.
And of course I would, the whole world economy would crash if somebody does that. But, it's a remarkable world that makes me sometimes wish I was just a wee bit more arrogant. Ignorant, not [00:48:00] arrogant. God, wee bit more ignorant of all of these things. Don't worry, I'm plenty arrogant. Ask anybody, but a wee bit more ignorant of all these things.
'cause it's scary stuff. But also just super exciting and interesting. And, I'm gonna tell you just self-serving. I spent years working. A while ago, with a team where everybody was infinitely smarter, than myself, mostly mathematicians, PhDs, true rocket scientists. And now I'm very excited to pass this along and be like, Hey, you gotta listen to this episode.
I finally had a conversation with people that are that kind of smart and it's amazing. And this will be very interesting because, most of my conversations are interesting and exciting, but in a different, area. So I'm looking forward to reaching out to all my math, PhDs, and having them come in and tell me how great this episode was and how interesting this is.
'cause I find it fascinating and I still wanna understand about half what we're talking about. But it is interesting, Jamie, before we get to the closer and you guys are both gonna get stuck with that same closing question everybody gets, but is there anything you want to add, to the technical part of this discussion?
Whether it's ai, whether it's the future, any, any parting thoughts on are we in a good place? Are we in a bad place? Should I pretend I don't [00:49:00] know any of these things or should I be excited for the future?
Jamie Norton: I think we've, we've highlighted just, I, you're right. It's such a fascinating area and. whilst we, we want, we, we are trying to build awareness here. We're not, we are also not trying to suggest that it's time to panic. It's, it's a measured approach. And get educate yourself, educate your, stakeholders that are key to building the steps to address this and then start working towards it now.
But absolutely fascinating. We've seen just in the last, it's been a long journey for ma manufacturers like Nvidia. But in the last few years with how that's just exploded with their computational,
Services around ai. You can imagine what the vendor landscape and just the broader ecosystem's gonna look like when you've got Quantum with AI running on top and then you've got, blockchains and cryptocurrency and everything in that ecosystem.
It's just gonna be fascinating to watch the dystopian future that we're building for ourselves.
AJ Nash: No, we're building the dystopian future, so AI can take all of it. I've seen how those movies end. It's never good for us. So we're, it seems like we're trying very hard to make sci-fi real as if we don't [00:50:00] understand what the results are going to be. I'm hopeful it won't be my generation, but I, it's a possibility.
Listen, I wanna thank you guys. This has been a fascinating discussion. And I know we didn't give it justice and our is just, it's all you can really do right now, but it's enough for people to understand, hopefully, and then wanna learn more. And again, you can reach out to Isaka, to learn more about, how to.
What quantum computing is, where we're going, the checklist to help get prepared for this. It sounds like just about every CISO at a minimum, should understand these things and know what to do. Probably into the board levels as well. The people who run companies and keep all of us, safe or moving forward or whatever it is.
We're all gonna be very dependent on them. And of course, nation states as well. As we're getting to close out the show, listen, the name of the show is Unspoken Security. So everybody gets the same question, to close the show. And in this case, both of you get it. So you, I get double the answers. So again, name of the show, unspoken Security.
With that in mind, tell me something you've never told anyone something so far that has been unspoken. Rob, you're gonna go first on this one.
Robert Clyde: Sure, yeah. I'm gonna show my security ignorance when I was a young [00:51:00] programmer. So I actually started programming as a teenager, which you can tell by my age that was quite unusual in those days. Not unusual at all today. And, actually built an accounting system. that was used by a number of customers,
And often happened, you, I had to also do the customer support when there were issues with the accounting system. and in order to avoid all the hassle of getting credentials and being able to get into the customer system, I put in a backdoor
AJ Nash: Oh.
Robert Clyde: so that I could easily get in as age 16 into the accounting system and, quickly help my customers. I did it for a benign reason. That seems like I didn't even know what a backdoor was, by the way. So I was helping customers for a year, finally this one customer said, wow, you help us so fast, how do you do it? You usually have to [00:52:00] go through this process and we have to give you access and all the rest. And they said, oh I just programmed in this capability that only I have access to. looked at me and he said, that's called a backdoor. I said, backdoor. Yeah.
Guess that's what it is. He says, you can't do that. And explained to me why. And, that was in many ways my first introduction to security concerns at a very early age, a negative way to learn about it. I promise you, I never put in a back door again into anything.
I was quite chag grinned by making what was obviously a rookie mistake.
AJ Nash: I'm assuming you didn't have to spend any time in a courtroom explaining this to anybody that was understood that this was not nefarious and you just had to clean this up. These are regulated organizations even back then, right?
Robert Clyde: not happy. I did
AJ Nash: I
Robert Clyde: yelled at. He was kind to me realize that I didn't mean to do this. I promised to go through the front door from then on, and I dutifully removed the back door and, as a company, we had to assure them [00:53:00] actually legally that there were no. doors.
AJ Nash: sure. Yeah.
Robert Clyde: consequence to this with an addendum to the, license agreement today. Very common that's written in, back then. Not that common. They were not a common concern, and it was a word I had never heard.
Youth have probably heard that word.
AJ Nash: You created it. You're the reason all of our contracts have these stipulations in it.
Robert Clyde: one, but I seriously doubt it. I'd at least like to say it was through ignorance and, not through for some nefarious purpose.
AJ Nash: No, I love it. It was very efficient. I'm sure you triggered a whole bunch of audits.
Robert Clyde: People loved me. They were amazed at how quickly I got to the bottom of their
AJ Nash: Yes. It's magic when you live inside the environment. You were an, advanced, persistent threat before that existed. And I'm sure you triggered an all sorts of audits for these accounting firms who then had to go through and make sure that you weren't moving money around.
Well done Rob and 16 at this time, you're saying, so that's impressive. And you avoided jail. Thanks for sharing the story, Jamie. You get to try to top that story in some fashion. What have [00:54:00] you got that's so far? Been unspoken.
Jamie Norton: I'm not sure I can top, but I thought I'd keep it on theme and we've talked about, software development. We actually, you briefly mentioned sort, and I think it was in the context of quantum sort, but
The nineties, about 30 years ago when I was at university, and I was doing, one of my degrees was software engineering, and I was doing or a third year top subject on, algorithms, advanced algorithms.
And our assignment, a coding assignment was to do a complex sort routine that, that required manipulating many tree nodes, which just was a little bit complicated and for my head to get around. And so I'm developing this code, pulling this all together, and it was awful. The code, I couldn't de decode, I couldn't, decode it.
There was things not working. I was supposed to have 99 or a hundred nodes in my sort tree, and it was just, I was getting outta hand and I couldn't, I couldn't work it through. So in the end, I got desperate. I commented out my entire code then right down the bottom called the operating system sort routine. At the bottom to go and do it, do its thing. Confident that I was just gonna get zero for that. But as it turned out, they ran them through automated testing and because I'd called the operating system [00:55:00] sort, it passed with flying colors. No one actually looked at my code to realize that it was all just comments and there was actually no code at all. I still to this day have a software engineering degree from that university. I'm not going back now to to hand it back.
AJ Nash: I am sure they're proud. Do you wanna tell us what university this is or should we keep this to ourselves? I'm sure.
Jamie Norton: it's probably on the public record somewhere, but, it's been 30 years. So hopefully everyone's forgotten.
AJ Nash: I think you're safe at this point. I think you're safe. Listen, it's, everybody's got, like I said, everybody's got a story. That's why we have these discussions. And I think that's great. You didn't do anything. Both of you. It's interesting. Both of your stories were no effort to do anything nefarious.
Rob was just trying to be more efficient. Jamie, you just accepted it. You're like, I'm getting a zero. I'm just terrible at this. This is not working the way I want it to. I'm just gonna be honest and throw it forward. And it just worked out in both cases. It's a good story.
Both are good stories about, sometimes you just don't know what's gonna happen. You're gonna make the best effort and see what comes out. Listen I'll add a confession. Sometimes I add my own, and sometimes I don't. But I'll add one here that I'll probably regret later. [00:56:00] So when I was in grad school, so I, before I went to Gonzaga, actually I started grad school at University of Louisville.
I was gonna do a program in, administration of justice. I was very interesting, criminal justice, and thought that would be a great place to, to put my time and effort. Restorative justice, things like that. For those who don't know, administration of justice, it turns out that's a degree if you want to be an administrator in the justice, if you wanna be a warden for a prison, basically.
So I should have done more research. It's not really where I wanted to spend my time, but I admit my first grad school class, and I was overwhelmed. I'm, I've always been a decent student, but there's a leap at grad school. At first, you have to understand things like, hey, don't try to read every word of everything they give you to read.
You don't have enough time in the day. And then you have to write papers on top of that. And I was overwhelmed. And at one point in that first class, I. Considered reaching out to somebody to, to write work for me. I actually did the investigating to look out and see there are people that'll do that if you pay them and give 'em a topic, they'll write things for you.
And I'm not proud of it. I'm, I consider myself a pretty good writer, but there was a point when I was concerned, that it might happen. Academic challenges [00:57:00] happen to everybody. I did manage to make it through that class as it turns out, and then I went and changed universities and I never really felt that way again.
'cause I got over that hump of the one class and then it realized, hey, try to read about 30% of what they give you in grad school for anybody who's going to grad school. And then figure out the rest as you go and skimm through. You can't read every word of everything. And don't worry about the writing just knock it out, right?
So we've all got stories like that someplace. It's, yeah, I've never cheated in my life, and I actually seriously considered hiring somebody to write paper for me because I was afraid I wasn't gonna be able to succeed otherwise. And apparently I wasn't gutsy enough as Jamie was to just say, I hell with that.
I'm just gonna submit it and take the zero. It's just not gonna work. I should have just done that. I, it would've been, better. But ultimately I, thankfully was able to whip something together. Granted my writing is not nearly as complicated as the kind of work that you do. Most people can whip something together.
I can't whip code together. Anyway, thank you for sharing that. By the way, both of your stories I think, are interesting stories. I think they're good, pieces for people to take something away, personally from this. And thank you for the time today for going through this, very important and somewhat complicated topic that you both managed to make [00:58:00] understandable.
I feel like I understood enough, enough to be dangerous and a little scared, but also a little optimistic. And I think that's, I'm hopeful that's what the audience takes. And again if anybody listening or watching wants more information, you can reach out to Rob or Jamie or reach out to Isaka directly, to learn more about, what's gonna happen if we don't take action, and how to avoid having quantum computing break the internet.
And what's gonna happen in this post quantum, cryptography world that we're headed for. With that, I'm gonna wrap up the show, 'cause we've run a little bit long, which is fine. That's what editing's for. But again, I want to thank my guests, Rob Clyde and Jamie Norton for being here today.
And for everybody who's been listening or watching and made it through all these episodes, thank you. Please feel free to, and repost and comment and all the things right. Subscribe, so we can keep the show going. If you like the show, let me know. If you don't like the show, let me know.
Let's figure out how to make these things better, every week. But until next time, I'm gonna sign off today. My, I'm AJ Nash, and this has been another episode of Unspoken Security.
[00:59:00]