Harvest now, decrypt later: Why today’s encrypted data isn’t safe forever
Harvest now, decrypt later attacks involve collecting encrypted data today to break it with quantum computers tomorrow — posing a silent, long-term threat.
Imagine this: Someone intercepts your private messages, obtains your encrypted business files, or captures classified government communications — but they can’t read any of it. Not yet, anyway. They’re not trying to crack the code today. They’re just collecting. They’re waiting.
This is the strategy behind harvest now, decrypt later (HNDL) attacks — a looming threat in the age of quantum computing.
» What is a harvest now, decrypt later attack?
At its core, HNDL is about playing the long game. The idea is simple but powerful: Attackers collect encrypted data now, knowing that in the future, quantum computers may be able to break the encryption protecting it.
Why is that such a big deal? Most of today’s encryption relies on mathematical problems that classical computers can’t solve efficiently — like factoring large numbers, which is the foundation of the Rivest–Shamir–Adleman (RSA) algorithm, or solving discrete logarithms, which are used in Elliptic Curve Cryptography (ECC) and the Digital Signature Algorithm (DSA). Quantum computers, however, could solve these problems rapidly using specialized techniques such as Shor’s Algorithm, making these widely used encryption methods vulnerable in a post-quantum world.
So, attackers don’t need to understand or decrypt your data right now. They just need to capture and store it, waiting for the day quantum computing catches up.
» Stages of an HNDL attack
There are three general stages of an HNDL attack.
» Capture now
Attackers start by intercepting encrypted data like emails, financial transactions, corporate secrets, military messages — whatever they can get their hands on. This can happen through passive eavesdropping, exploiting vulnerabilities in networks, or breaching data repositories.
Since encryption can’t be broken easily today, the attacker doesn’t even try. The goal is simply to gather and stockpile.
» Wait for the quantum leap
Quantum computing is progressing. It’s not there yet — but it's coming. When it arrives, algorithms like Shor’s will make short work of today’s encryption.
So attackers store everything they've harvested, possibly for years or decades, waiting patiently for quantum capabilities to reach a tipping point.
» Decrypt later
Once quantum computers are capable enough, the attacker turns back to their archive of encrypted data. They use quantum algorithms to break the encryption — gaining access to whatever secrets were captured long ago.
At that point, the value of the data — personal, corporate, or national — can be exploited.
» Why it’s a serious threat
What makes HNDL so dangerous is its stealth and longevity:
» Data retention
Many organizations are required — either by law, industry standards, or internal policies — to retain data for extended periods, sometimes decades. Regulations like HIPAA, GDPR, SOX, and various financial compliance frameworks mandate the long-term storage of encrypted data, especially in sectors like healthcare, finance, and government. While encryption is used to protect this data at rest, these safeguards are only as strong as the cryptographic methods they rely on.
As quantum computing advances, today’s encryption could become obsolete, meaning that data stored under regulatory requirements might one day be decrypted by attackers who have already harvested it. This creates a hidden risk: Compliance-driven data retention could unintentionally expand the attack surface for future quantum-enabled breaches, unless organizations proactively adopt post-quantum cryptographic protections.
» Invisible threat
One of the most alarming aspects of HNDL attacks is that they can happen without any visible signs of intrusion. Because the attacker’s goal is not to use the data immediately, but to quietly collect and store it for future decryption, there’s no immediate red flag — no corrupted files, no ransom notes, no system disruptions. As a result, breaches may have already occurred, but remain undisclosed or even unknown because the stolen encrypted data is not yet usable. Organizations might believe their data is safe simply because no damage has been observed, when in reality, it could already be sitting in an adversary’s archive, waiting for the day quantum computing makes it vulnerable.
» Future risk
Today’s safe data could be tomorrow’s biggest breach — especially if it’s sensitive, like credentials, PII, trade secrets, or diplomatic cables.
» Who’s at risk? Everyone
The threat posed by HNDL attacks extends far beyond governments and tech giants. Virtually anyone who transmits or stores encrypted data today could be at risk tomorrow, once quantum computing becomes powerful enough to break current encryption standards.

Government agencies are among the highest-risk targets. Diplomatic communications, military operations, intelligence reports, and classified internal memos are all of great interest to adversarial nation-states. While this data may remain protected by encryption for now, quantum computing could one day expose these sensitive materials, potentially compromising national security or diplomatic relations.
Corporations and enterprises are also prime targets, especially those in industries such as technology, pharmaceuticals, energy, defense, and finance. Intellectual property, product designs, proprietary algorithms, research data, and strategic business plans may all be encrypted and stored in cloud systems or internal servers today, but attackers are already harvesting this information in anticipation of decrypting it when the tools become available. The economic and competitive advantages of accessing this kind of information make it incredibly attractive to both cybercriminals and state-sponsored actors.
Individuals are not exempt from the risks. Anyone who transmits personal information online — whether through banking, shopping, messaging apps, or healthcare platforms — relies on public-key encryption to secure their data. If that data is intercepted today and decrypted years from now, it could lead to identity theft, financial fraud, or the exposure of private conversations and sensitive health records. This is especially true for high-profile individuals, journalists, activists, or political dissidents who may be targeted for surveillance.
The financial sector is another high-risk area. Banks, payment processors, and fintech platforms use cryptographic protocols to secure transactions, customer data, and backend communications. A successful HNDL attack on this sector could have massive implications, such as retroactive fraud, access to transaction histories, or manipulation of stored financial records.
Healthcare organizations also hold vast amounts of long-term data, including medical histories, genomic information, and insurance claims. While this data is protected by law and by encryption, attackers could harvest and store it for future decryption, potentially violating patient privacy or targeting individuals based on sensitive health conditions.
Educational and research institutions are increasingly targeted as well, particularly those conducting cutting-edge research in technology, engineering, or defense. While academia is traditionally open and collaborative, sensitive research data may still be encrypted and stored — making it another valuable future target.
Even Internet of Things (IoT) device manufacturers and users should be concerned. Many IoT devices, from smart homes to industrial sensors, use outdated or lightweight encryption due to limited processing power. These devices are often deployed for years without upgrades, making them ideal candidates for HNDL harvesting, especially as attackers seek to exploit massive volumes of data from connected environments.

In short, any person or organization that uses encryption today should be thinking about quantum resilience tomorrow. The playing field is broad, and the clock is ticking.
» Common types of HNDL attacks
Here’s how attackers collect encrypted data today:
- Passive eavesdropping: Quietly intercepting encrypted web traffic or emails without altering them.
- Data repositories: Breaching cloud services or file backups to copy encrypted files.
- Man-in-the-middle (MITM): Actively intercepting secure communications in real time.
- Key exchange interception: Capturing data during secure key negotiations like RSA or Diffie-Hellman.
- Archival targeting: Accessing long-term storage, knowing the data will still be useful years down the line.
» How to defend against HNDL attacks
While we wait for quantum computers to mature, we’re not helpless. There are several proactive defenses your organization can consider.
» Post-quantum cryptography (PQC)
Organizations don’t need to wait for quantum computing to become mainstream to begin preparing. In fact, some tools are already making PQC experimentation and integration possible today.
For example, Vault Enterprise 1.19 introduced support for the Module-Lattice-Based Digital Signature Algorithm (ML-DSA) within its Transit Secrets Engine. This engine is used to perform cryptographic operations on data in transit, essentially offering encryption as a service for applications. It allows developers to offload the complexity of encryption and decryption to Vault, while still maintaining security and compliance standards.
The integration of ML-DSA into Vault means that organizations can now start testing PQC algorithms in controlled environments — experimenting without fully committing, but still building the knowledge and infrastructure needed for a future transition. These early capabilities are essential for understanding how PQC will impact performance, compatibility, and security in production systems.
HashiCorp is making ongoing investments in this area, with upcoming support for Secure Hash Digital Signature Algorithm (SHA-DSA) in future releases, further expanding the toolkit for post-quantum readiness.
Transitioning to PQC isn't just a theoretical exercise — it's a practical necessity. The sooner organizations begin experimenting with and adopting quantum-resistant cryptography, the better prepared they'll be when the quantum era arrives. Waiting too long could mean that data being encrypted today may no longer be secure tomorrow, especially if it’s already being silently harvested.
» Forward secrecy
Use encryption protocols that generate temporary session keys. This way, even if one key is compromised in the future, the data from that session remains secure.
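The forward secrecy advice above, as an added example (not HashiCorp's code): a Python audit that sorts recorded TLS sessions by key exchange. It separates static RSA (one key opens every captured session), classical ephemeral exchanges (forward secret, yet still based on the discrete-log problems Shor's algorithm solves), and hybrid ML-KEM groups. The log format and host names are constructed; the group names are the IANA TLS identifiers.

```python
# Added example: classify recorded TLS sessions by HNDL exposure.
# Log format and host names are constructed; group names are IANA TLS identifiers.
from typing import Dict, Optional

CLASSICAL_EPHEMERAL = {"x25519", "x448", "secp256r1", "secp384r1", "secp521r1",
                       "ffdhe2048", "ffdhe3072"}
HYBRID_PQ = {"X25519MLKEM768", "SecP256r1MLKEM768", "SecP384r1MLKEM1024"}
# Worst first: how much a stored capture of this traffic gives a future attacker.
SEVERITY = ["static-rsa", "unknown", "forward-secret", "pq-hybrid"]

SAMPLE_LOG = """\
host=legacy-erp.example suite=TLS_RSA_WITH_AES_128_GCM_SHA256 group=-
host=api.example suite=TLS_AES_128_GCM_SHA256 group=x25519
host=api.example suite=TLS_AES_256_GCM_SHA384 group=X25519MLKEM768
host=vault.example suite=TLS_AES_256_GCM_SHA384 group=X25519MLKEM768
host=mail.example suite=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 group=secp256r1
"""

def classify(suite: str, group: Optional[str]) -> str:
    """Return the exposure class for one negotiated session."""
    if group in HYBRID_PQ:
        return "pq-hybrid"       # needs both the curve and ML-KEM broken
    if group in CLASSICAL_EPHEMERAL or "_ECDHE_" in suite or "_DHE_" in suite:
        return "forward-secret"  # survives a server key leak, not Shor's algorithm
    if suite.startswith("TLS_RSA_WITH_"):
        return "static-rsa"      # server's RSA key decrypts every recorded session
    return "unknown"             # needs manual review

def audit(log_text: str) -> Dict[str, str]:
    """Map each host to the weakest key exchange seen across its sessions."""
    worst: Dict[str, str] = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = dict(field.split("=", 1) for field in line.split())
        group = None if rec.get("group", "-") == "-" else rec["group"]
        cls = classify(rec["suite"], group)
        prev = worst.get(rec["host"], "pq-hybrid")
        # Lower index in SEVERITY means worse, so min() keeps the weakest class.
        worst[rec["host"]] = min(cls, prev, key=SEVERITY.index)
    return worst

if __name__ == "__main__":
    for host, cls in audit(SAMPLE_LOG).items():
        print(f"{host:22} {cls}")
```

A host is reported by its weakest session, so api.example stays "forward-secret" until every client negotiates the hybrid group.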
» Re-encryption
Periodically re-encrypt stored data with newer, more secure algorithms — ideally ones resistant to quantum threats.
» Quantum key distribution (QKD)
Quantum Key Distribution (QKD) is a cutting-edge method for securely exchanging encryption keys using the principles of quantum mechanics. It relies on quantum particles — like photons — to transmit keys in a way that any eavesdropping attempt would disturb the particles and alert both parties. This makes it theoretically impossible for attackers to intercept the key without being detected. While still in development and limited in real-world deployment, QKD holds strong potential for ultra-secure communications in a post-quantum world.
» Final thoughts: Prepare now or pay later
Harvest now, decrypt later attacks are not a sci-fi scenario; they’re a current strategy that anticipates a very real future. The attackers are already at work, gathering encrypted data and playing the long game.
We don’t know exactly when quantum computers will become capable of breaking today’s encryption. But when they do, the data harvested today will be ripe for exploitation.
So don’t wait. Start preparing for the post-quantum world now — before your encrypted data becomes someone else’s decrypted treasure.