Do we need a new session paradigm? Could quantum crack it?

2 points by danschumann ↗ HN
Currently, a lot of websites "trust" the session because it would be very hard to crack.. and therefore variables like `user_id` are stored on the session, and that's cool because a user couldn't decrypt, change the user_id, and re-encrypt it.

But, if quantum computers make it possible to crack session encryption pretty easily.. well.. what about just a long token for a user.. and the actual user_id values are stored in the database, keyed by the token?

1 comment

[ 2.2 ms ] story [ 15.4 ms ] thread
Quantum algorithms have the potential to crack public key algorithms, affecting things like SSL. Session data would not be encrypted with a public key algorithm.