Do we need a new session paradigm? Could quantum crack it?

		Do we need a new session paradigm? Could quantum crack it?
		2 points by danschumann on Oct 24, 2019 \| hide \| past \| favorite \| 1 comment
		Currently, a lot of websites "trust" the session because it would be very hard to crack.. and therefore variables like `user_id` are stored on the session, and that's cool because a user couldn't decrypt, change the user_id, and re-encrypt it. But, if quantum computers make it possible to crack session encryption pretty easily.. well.. what about just a long token for a user.. and the actual user_id values are stored in the database, keyed by the token?

sasasassy on Oct 24, 2019 [–]

Quantum algorithms have the potential to crack public key algorithms, affecting things like SSL. Session data would not be encrypted with a public key algorithm.