Cryptography engineer Filippo Valsorda argues that symmetric primitives at the 128-bit security level, such as AES-128 and SHA-256, are not threatened by quantum computers. The common fear rests on a misreading of Grover's algorithm: it offers only a quadratic speedup (on the order of 2^64 sequential quantum evaluations against a 2^128 keyspace, not an exponential collapse), and it parallelizes poorly, since splitting the search across k machines shortens the running time by only a factor of √k while the total work grows. Asymmetric schemes (RSA, ECDH) remain at risk from Shor's algorithm, but symmetric encryption is far more resilient. Moreover, current quantum hardware cannot even factor the number 21, so the near-term threat is largely theoretical.
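As an added illustration (not part of the Hackaday summary or Valsorda's post), the Python below simulates Grover's search exactly on a toy 10-bit keyspace and then works out the scaling for a 128-bit key. It shows that the useful iteration count is about (π/4)·√N, that running extra iterations overshoots rather than helps, and that splitting the search over k quantum machines cuts sequential depth by only √k while total work rises by √k. The function names are the example's own, and the single-marked-key model (exactly one key matches the known plaintext/ciphertext pair) is an assumption.

```python
import math


def grover_iterations(n_items: int) -> int:
    """Iteration count that maximises the chance of finding one marked item
    among n_items: round(pi/4 * sqrt(n_items)).  This sqrt(N) is the whole
    quadratic speedup; a classical search needs about N/2 queries."""
    return max(1, round(math.pi / 4 * math.sqrt(n_items)))


def grover_success_probability(n_items: int, marked: int, iterations: int) -> float:
    """Exact state-vector simulation of Grover's algorithm on a toy search space.

    The state is a real amplitude vector over n_items basis states.  Each
    iteration applies the oracle (phase-flip the marked state) and the
    diffusion operator (reflect every amplitude about the mean).  Returns the
    probability of measuring `marked` afterwards, i.e. the squared amplitude.
    """
    amp = [1.0 / math.sqrt(n_items)] * n_items          # uniform superposition
    for _ in range(iterations):
        amp[marked] = -amp[marked]                       # oracle: mark the key
        mean = sum(amp) / n_items
        amp = [2.0 * mean - a for a in amp]              # diffusion step
    return amp[marked] ** 2


def classical_expected_queries(key_bits: int) -> int:
    """Expected brute-force trials to hit one key among 2**key_bits."""
    return 2 ** (key_bits - 1)


def grover_sequential_depth(key_bits: int, machines: int = 1) -> float:
    """Grover iterations each machine must run one after another when the
    2**key_bits keyspace is split evenly across `machines` quantum computers.
    Each machine searches N/k items, so depth scales as sqrt(N/k): halving
    the wall-clock time costs four times the hardware."""
    return math.pi / 4 * math.sqrt(2 ** key_bits / machines)


def grover_total_work(key_bits: int, machines: int = 1) -> float:
    """Iterations summed over all machines: k * sqrt(N/k) = sqrt(k*N).
    Unlike classical brute force, spreading Grover over k machines increases
    total work by sqrt(k); only latency improves, and only by sqrt(k)."""
    return machines * grover_sequential_depth(key_bits, machines)


if __name__ == "__main__":
    n = 1024                                  # constructed 10-bit toy keyspace
    r = grover_iterations(n)                  # 25 iterations
    print(f"N={n}: {r} Grover iterations, success probability "
          f"{grover_success_probability(n, 7, r):.4f}; classical ~{n // 2} trials")
    print(f"      {2 * r} iterations overshoot: "
          f"{grover_success_probability(n, 7, 2 * r):.4f}")
    for k in (1, 4, 16):
        print(f"AES-128 over {k:>2} machines: sequential depth 2^"
              f"{math.log2(grover_sequential_depth(128, k)):.2f}, "
              f"total work 2^{math.log2(grover_total_work(128, k)):.2f}")
```

The toy run lands at roughly 99.9% success after 25 iterations and collapses to near zero after 50, which is why Grover cannot be "sped up" by throwing more iterations at it; the 128-bit figures show the depth falling from about 2^63.65 to 2^62.65 only when the machine count quadruples, with total work climbing each time.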

From hackaday.com (2 min read)