This article is part of the Quantum Snake Oil Dictionary — a series examining terms used in quantum technology marketing. The series is divided into Red Flag Terms (terms with no established technical meaning that almost always signal hype or fraud) and Misused Terms (legitimate concepts routinely stripped of context in marketing). This entry is a Red Flag Term.
A note before we begin. This entry examines the claim that RSA “is already broken,” “has already been cracked,” or “is compromised today.” I am not writing about any specific company or product. This claim is spreading quickly, often from vendors using it as a reason to buy now, and it is false as stated. There is a real concern buried inside it, which is exactly why the false version is so effective, and untangling the two is the purpose of this entry.
What Has Actually Been Factored
Start with the facts on the ground, because they are not close to the claim.
The largest number factored by Shor’s algorithm on real quantum hardware is 21, a five-bit number. In 2022, a group used a hybrid quantum-classical method to factor a 48-bit integer, which drew headlines but is still vanishingly small. The largest number ever factored by any method, using classical supercomputers, is in the range of 829 bits. RSA-2048 is 2,048 bits, and because difficulty grows extraordinarily fast with size, the distance from 48 or 829 bits to 2,048 is not a gap to be closed soon. It is a chasm. As I have laid out in detail, no one has secretly or openly broken RSA-2048 or RSA-4096, and the most aggressive credible estimates still call for millions of high-quality physical qubits running for extended periods on hardware that does not yet exist.
RSA, as deployed today, has not been broken. That is not optimism or reassurance. It is the current state of the published record.
Where the Claim Comes From
The false claim has three main sources, and it helps to recognize each.
The first is a recurring genre of hyped results. Every so often a preprint claims a shortcut to factoring, often pairing a small quantum device with a classical lattice technique, and asserts that the method could scale to RSA-2048 with a modest number of qubits. The 2022 sublinear-resource claim is the best-known example: it factored a small number and projected that 372 qubits might break RSA-2048, a projection that did not survive scrutiny and has not been demonstrated. Periodic claims using quantum annealers follow the same arc. Media coverage compresses “factored a tiny number and speculated about scaling” into “broke RSA,” and the distortion spreads.
The second source is a conflation with harvest-now-decrypt-later. Adversaries really are capturing encrypted data today to decrypt once a quantum computer exists. “Your data is being harvested for future decryption” is true and serious. It becomes false the moment it is restated as “your data is already being decrypted” or “RSA is already broken,” which collapses a future risk into a present event.
The third source is simple sales pressure. “RSA is already broken” is a more effective way to close a deal than “RSA faces a serious future threat that requires a multi-year migration.” The first manufactures emergency. The second is accurate.
The Kernel of Truth It Distorts
The reason this claim is worth a careful entry rather than a flat dismissal is that it sits on top of something true. RSA is genuinely vulnerable to quantum attack in principle, because Shor’s algorithm running on a capable machine would break it. Harvested data is genuinely at risk. Migration genuinely needs to start now, not because RSA has fallen but because moving an organization to post-quantum cryptography takes years, and because regulators, insurers, and clients are setting deadlines that arrive well before any quantum computer does.
So “you must move off RSA” is correct and urgent. “RSA is already broken” is neither, and using the false claim to motivate the correct action corrodes the credibility of the whole message.
How to Read the Claim
When you encounter “RSA is already broken,” ask three questions, and the claim resolves quickly. Broken by what method? On what hardware? At what key size? An honest answer is always some version of “a tiny number, by a hybrid technique, in a lab,” or “not yet, but it will be.” If the answer is a confident “RSA-2048, today, in production,” ask for the citation. It does not exist.
The Bottom Line
RSA-2048 has not been broken, and the demonstrated state of quantum factoring, a five-bit number with Shor’s algorithm and a 48-bit number with hybrid methods, is nowhere near it. The claim that RSA is already broken draws its power from a real underlying threat, then misstates the timeline by turning a future risk and a string of overhyped preprints into a present catastrophe. Act on the genuine concern: harvested data is at risk and migration takes years, so start now. Just do not accept the false premise that gets there by the wrong road. When a vendor tells you RSA is already broken, that is the moment to slow down, not speed up.
Quantum Upside & Quantum Risk - Handled
My company - Applied Quantum - helps governments, enterprises, and investors prepare for both the upside and the risk of quantum technologies. We deliver concise board and investor briefings; demystify quantum computing, sensing, and communications; craft national and corporate strategies to capture advantage; and turn plans into delivery. We help you mitigate the quantum risk by executing crypto‑inventory, crypto‑agility implementation, PQC migration, and broader defenses against the quantum threat. We run vendor due diligence, proof‑of‑value pilots, standards and policy alignment, workforce training, and procurement support, then oversee implementation across your organization. Contact me if you want help.
