
Do we need a new session paradigm? Could quantum crack it? - danschumann
Currently, a lot of websites &quot;trust&quot; the session because it would be very hard to crack.. and therefore variables like `user_id` are stored on the session, and that&#x27;s cool because a user couldn&#x27;t decrypt, change the user_id, and re-encrypt it.<p>But, if quantum computers make it possible to crack session encryption pretty easily.. well.. what about just a long token for a user.. and the actual user_id values are stored in the database, keyed by the token?
======
sasasassy
Quantum algorithms have the potential to crack public key algorithms,
affecting things like SSL. Session data would not be encrypted with a public
key algorithm.

