A technically competent IT lead at a manufacturing firm receives a CipherScout report flagging a weak DKIM key on their domain. RSA-1024. High severity. He knows exactly what to do.
He logs into his DNS provider, finds the old Mimecast record he rotated away from years ago, deletes it, and replies to confirm the fix. He even pastes the new key: 2048 bits, valid, correctly configured. His third-party checker agrees. "Congratulations. Your DKIM record is valid."
The vulnerability remained in DNS, untouched.
The finding was not on the Mimecast record. It was on a separate selector entirely, belonging to a different platform the organisation had migrated away from at some point. The key had never been removed from DNS. He had no idea it existed. Not because he was careless. Because nobody had a complete map of every cryptographic asset published on their domain, and there was no automated system maintaining one, until CipherScout ran. A DNS query confirmed what CipherScout had already found: a live 1024-bit RSA public key, sitting in DNS, queryable by anyone.
RSA-1024 did not become vulnerable when quantum computing entered the conversation. NIST deprecated it in 2011. NIST SP 800-131A made 2048-bit the hard minimum from 2014 onwards. This key has been classically weak for over a decade.
Any attacker with sufficient compute access can use an orphaned DKIM key to forge emails that appear to originate from the legitimate domain. The key does not need to be the active signing selector to be exploitable. It only needs to be published in DNS, which it is.
The organisation's active email security posture was fine. The vulnerability was in the residue of a migration they had long since completed.
Harvest Now, Decrypt Later is already happening. Adversaries are collecting encrypted communications today with the intent to decrypt them when cryptographically relevant quantum computers arrive. The consensus window for Q-Day sits between 2030 and 2035, with the most aggressive estimates closer to 2028.
RSA-2048 is the current minimum. But it is not quantum-safe. Under Shor's algorithm, RSA-2048 falls to a sufficiently powerful quantum computer just as RSA-1024 falls to classical compute today. The difference is timeline, not safety.
What this means practically: the bar for acceptable cryptographic hygiene has shifted from "meet the current minimum" to "know every cryptographic asset you have published, assess its full exposure horizon, and maintain a continuous inventory." A key you have forgotten about cannot be assessed. It cannot be rotated. It cannot be accounted for in your post-quantum migration plan. You cannot migrate what you cannot find.
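One way to check the key size of each selector in such an inventory, as an added example that is not from the original article and is not CipherScout's code: it parses a DKIM TXT record, decodes the `p=` public key and reports the RSA modulus size against the 2048-bit minimum. The selector names, `example.com` and the sample records (built with a placeholder modulus, not a usable key) are constructed, and fetching the TXT value from DNS is left out so the block runs offline.

```python
import base64
MIN_RSA_BITS = 2048  # floor cited in the article (NIST SP 800-131A)

def parse_tags(txt):
    """Split a DKIM TXT value into tag=value pairs, dropping folding whitespace."""
    pairs = (part.split("=", 1) for part in txt.split(";") if "=" in part)
    return {k.strip(): "".join(v.split()) for k, v in pairs}

def read_tlv(buf, pos=0):
    """Read one DER element at pos; return (value_bytes, next_pos)."""
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return buf[pos:pos + length], pos + length

def rsa_bits(spki):
    """Modulus size in bits of an RSA key in DER SubjectPublicKeyInfo form."""
    body, _ = read_tlv(spki)            # outer SEQUENCE
    _, pos = read_tlv(body)             # AlgorithmIdentifier, skipped
    bitstr, _ = read_tlv(body, pos)     # BIT STRING wrapping RSAPublicKey
    rsakey, _ = read_tlv(bitstr[1:])    # skip the unused-bits octet
    modulus, _ = read_tlv(rsakey)       # first INTEGER is the modulus n
    return int.from_bytes(modulus, "big").bit_length()

def audit(selector, domain, txt):
    """Classify one published selector: revoked, non-rsa, unparseable, weak or ok."""
    name, tags = f"{selector}._domainkey.{domain}", parse_tags(txt)
    if not tags.get("p"):
        return name, "revoked", 0       # empty p= means the key was withdrawn
    if tags.get("k", "rsa") != "rsa":
        return name, "non-rsa", 0       # e.g. ed25519, not sized by this check
    try:
        bits = rsa_bits(base64.b64decode(tags["p"]))
    except (ValueError, IndexError):
        return name, "unparseable", 0   # bad base64 or truncated DER
    return name, ("weak" if bits < MIN_RSA_BITS else "ok"), bits

def _der(tag, body):  # minimal DER encoder, used only to build the samples
    n, size = len(body), (len(body).bit_length() + 7) // 8
    head = bytes([n]) if n < 128 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + body

def sample_record(bits):  # constructed DKIM record with a placeholder modulus
    mod = b"\x00" + ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big")
    alg = _der(0x30, bytes.fromhex("06092a864886f70d0101010500"))  # rsaEncryption
    key = _der(0x30, _der(0x02, mod) + _der(0x02, b"\x01\x00\x01"))
    spki = _der(0x30, alg + _der(0x03, b"\x00" + key))
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(spki).decode()
```

DNS offers no way to list the selectors under `_domainkey`, so the selector names fed to `audit` have to come from a zone export or from records of every platform that has ever sent mail for the domain.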
The IT lead in this scenario did everything right by conventional standards. He acted on the report promptly, rotated his active keys, cleaned up a record he knew about, and verified the result with a third-party tool. He was not negligent. He was operating with incomplete information.
This is the structural problem with manual cryptographic hygiene:
Automated cryptographic discovery does not replace good practice. It gives good practice a complete surface to work on.
There's a recurring tension in every frontier technology between clarity and depth. The easier something sounds, the less seriously it's taken, and PQC is no exception.
We can't make it effortless without making it empty. And that's okay. Some subjects are meant to stretch us a little, to remind us that protecting the future isn't meant to be convenient.
Rather than 'explaining it like you're five,' I aim to explain it clearly, honestly, and accessibly, trusting readers to meet the complexity halfway.
Because clarity matters, but so does curiosity.
CipherScout is ExeQuantum's cryptographic discovery platform. It enumerates cryptographic assets across TLS, certificates, DKIM, SSH, JWT fleets, cloud KMS, source code, and API authentication surfaces, producing CycloneDX 1.7 CBOM output for integration with existing security tooling.
Learn more at exequantum.com