WGU Introduction to Cryptography Exam - Topic 3 Question 5 Discussion

Cryptography must evolve because threats, computing capabilities, and attack techniques continuously change. Algorithms once considered safe can become vulnerable due to cryptanalysis, implementation attacks, protocol flaws, or sheer increases in available compute power. Examples include the deprecation of SHA-1 for signatures, weakening of RC4, and migration away from older TLS versions and weak cipher suites. Frameworks also need to adapt to new environments---cloud architectures, IoT deployments, mobile devices---and new adversary models, including the long-term risk posed by quantum computing to current public-key systems. Adaptation includes updating standards, increasing key sizes where needed, adopting modern primitives (AEAD modes, stronger KDFs), improving key management practices (rotation, hardware-backed storage), and refining operational guidance (certificate lifetimes, revocation strategies). A rigid structure that never changes would lock organizations into obsolete protections and accumulate risk. Standardizing obsolete techniques or complying with outdated standards is the opposite of sound security engineering. Therefore, cryptography frameworks must adapt over time to respond to emerging threats and vulnerabilities and to maintain effective protection as the landscape evolves.