
What is Harvest now, decrypt later (HNDL)?

Harvest now, decrypt later (HNDL) is a cyberattack strategy where threat actors steal encrypted data today and store it until future technology, especially cryptographically relevant quantum computers, can decrypt it.

HNDL matters because encryption does not make stolen data useless forever. If the encrypted information has long-term value, attackers may wait years for stronger computing methods, broken algorithms, leaked keys, or implementation weaknesses to make decryption possible.

How does harvest now, decrypt later work?

In an HNDL attack, the attacker does not need to break encryption immediately. Instead, they capture encrypted network traffic, backups, databases, emails, certificates, or key material and archive it for future use.

This risk is especially relevant to public key cryptography, where algorithms such as RSA and elliptic curve cryptography could be weakened by sufficiently capable quantum computers. Symmetric encryption is also affected by quantum computing, but strong key sizes can generally provide more resilience.

The main concern is not ordinary short-lived data. It is information that must remain confidential for many years.

  • Government and defense communications
  • Healthcare records and personal identifiers
  • Financial, legal, and merger-related documents
  • Intellectual property and source code
  • Long-lived secrets, certificates, and private keys

Why HNDL is now a security planning question

HNDL is no longer a theoretical question for security teams. Organizations are already planning for post-quantum cryptography because migration takes time. Cryptographic assets are often spread across apps, devices, APIs, VPNs, certificates, mobile endpoints, and third-party systems.

A practical HNDL risk assessment asks two questions: what encrypted data could be valuable in ten or more years, and which cryptographic systems protect it today?

For enterprises, this connects directly to PKI, certificate lifecycle management, device trust, and secrets governance. Platforms such as Hexnode can support the operational side by helping teams enforce device security policies, manage certificates on endpoints, and reduce exposure from unmanaged or non-compliant devices.

How can organizations reduce HNDL risk?

Reducing HNDL risk starts with visibility. Security teams need an inventory of cryptographic algorithms, certificates, keys, protocols, and systems that protect sensitive data.

They should then prioritize high-value, long-retention data and prepare for crypto-agility. Crypto-agility means the ability to replace algorithms, rotate keys, update certificates, and change cryptographic configurations without redesigning entire systems.

Useful steps include:

  • Classify data by confidentiality lifetime.
  • Identify where RSA, ECC, TLS, VPN, and certificate dependencies exist.
  • Shorten certificate lifetimes where practical.
  • Strengthen key management and secrets rotation.
  • Monitor post-quantum cryptography standards and vendor support.
  • Plan staged migration instead of waiting for an emergency.
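The two risk-assessment questions above and the first two steps in this list can be combined into a simple triage over a cryptographic inventory. The following is an added example, not code from the original page or from any vendor; the inventory format, algorithm label prefixes, priority names, and the treatment of 256-bit keys as "strong" are assumptions made for illustration.

```python
from dataclasses import dataclass

LONG_LIVED_YEARS = 10  # assumption: the "ten or more years" horizon from the text
# Assumed label prefixes for this example's inventory format.
QUANTUM_VULNERABLE = ("RSA", "ECDH", "ECDSA", "DH", "X25519")  # RSA, ECC, finite-field DH
POST_QUANTUM = ("ML-KEM",)  # NIST FIPS 203 key encapsulation
ORDER = ["migrate-first", "investigate", "plan", "monitor"]

@dataclass
class Asset:
    name: str
    algorithm: str  # what protects the data (or its key exchange) today
    confidentiality_years: int  # how long the data must stay secret

def classify_algorithm(label: str) -> str:
    parts = label.upper().split("-")
    if label.upper().startswith(POST_QUANTUM):
        return "post-quantum"
    if label.upper().startswith(QUANTUM_VULNERABLE):
        return "quantum-vulnerable"
    if parts[0] == "AES" and len(parts) > 1 and parts[1].isdigit():
        # Assumption: 256-bit keys count as the "strong key sizes" the text mentions.
        return "symmetric-strong" if int(parts[1]) >= 256 else "symmetric-review"
    return "unknown"  # an unidentified algorithm cannot be assessed

def hndl_priority(asset: Asset) -> str:
    family = classify_algorithm(asset.algorithm)
    long_lived = asset.confidentiality_years >= LONG_LIVED_YEARS
    if family == "quantum-vulnerable" and long_lived:
        return "migrate-first"  # harvestable today, still valuable when decryptable
    if family == "unknown":
        return "investigate"
    if family == "quantum-vulnerable" or (family == "symmetric-review" and long_lived):
        return "plan"
    return "monitor"

def rank(inventory: list[Asset]) -> list[tuple[str, str]]:
    key = lambda a: (ORDER.index(hndl_priority(a)), -a.confidentiality_years)
    return [(a.name, hndl_priority(a)) for a in sorted(inventory, key=key)]

# Constructed sample inventory, not real systems.
INVENTORY = [
    Asset("session-cache", "ECDHE-P256", 0),
    Asset("db-volume", "AES-256-GCM", 30),
    Asset("patient-records-backup", "RSA-2048", 25),
    Asset("legacy-appliance", "vendor-proprietary", 12),
    Asset("legal-archive", "AES-128-GCM", 20),
    Asset("site-to-site-vpn", "ECDHE-P256", 15),
]
```

Calling `rank(INVENTORY)` returns the assets ordered by priority, with the longest confidentiality lifetime first inside each tier. Unidentified algorithms are ranked ahead of planned work because a system that cannot be classified cannot be ruled out.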

HNDL is ultimately a time-based risk. If attackers can collect encrypted data now and decrypt it later, the best defense is to make today’s encryption, keys, and systems easier to upgrade before that later date arrives.

FAQs

No. HNDL is the data-harvesting strategy. Quantum computing is one possible future method that could make some harvested encrypted data easier to decrypt.

Crypto-agility means an organization can replace weak algorithms, rotate keys, and update certificates quickly when cryptographic requirements change.

Data with a long confidentiality lifetime is most exposed, such as health records, legal files, government data, trade secrets, and long-lived credentials.