{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreibkaldwtynmw5r44vg5l5oojtre5diwm2mhzgbf4nh6yd3oluyt2q",
    "uri": "at://did:plc:haakkg7y3xdghcdmprxeexso/app.bsky.feed.post/3mj5hhjm3pmr2"
  },
  "path": "/t/a-cryptography-engineer-s-perspective-on-quantum-computing-timelines/37010#post_8",
  "publishedAt": "2026-04-10T13:45:28.000Z",
  "site": "https://discuss.privacyguides.net",
  "tags": [
    "https://quantumcomputing.stackexchange.com/a/5806"
  ],
  "textContent": "marcos-morar43:\n\n> 128-bit encryption is in severe danger.\n\n“Severe danger” is quite a stretch. Grover’s algorithm is not very parallelizable [1]. It can reduce the search space of a 128-bit key to 2^64, but it can’t search that 2^64 key space as efficiently as classical attacks would.\n\nThere is still some risk, of course, and long-term fixed keys like those used for disk encryption should absolutely be 256-bits as a result, but it is very possible that QRCs are not able to meaningfully threaten symmetric cryptography. This is why all PQC efforts are currently focused on asymmetric cryptography.\n\n[1] https://quantumcomputing.stackexchange.com/a/5806 (has more citations to specific papers about this too)",
  "title": "A Cryptography Engineer’s Perspective on Quantum Computing Timelines"
}