In this episode of Nerding Out with Viktor, host Viktor Petersson sits down with David Pollak, founder of Spice Labs and creator of the Lift web framework, to unpack post-quantum cryptography and why the migration window is shorter than most teams realize. Google now estimates elliptic curve encryption could be breakable by quantum computers in 2029, putting the trust layer behind every bank transaction, signed document, software update, and Bitcoin wallet on a fixed timeline.

David draws on a career that spans writing software for FEMA at 14, beating Lotus in the NeXT spreadsheet market, diagnosing Twitter's original Fail Whale, and years at Cisco's firewall group. The conversation moves from the mechanics of Shor's algorithm and lattice-based replacements to the harder problem underneath: discovering where cryptography actually lives across millions of microservices, legacy mainframes, and post-build artifacts that no SBOM tool can see.

The episode reframes the post-quantum transition as a discovery and prioritization problem before it is a remediation one. Viktor and David cover crypto agility, the hardware root-of-trust gap in TPMs and HSMs, why the forgery threat is bigger than harvest-now-decrypt-later, and what engineering teams should be doing in the next three years.