https://words.filippo.io/128-bits/
Article
- Filippo Valsorda argues Grover’s algorithm doesn’t make 128-bit symmetric keys insecure.
- Grover halves effective key length in theory, but parallel quantum speedup is minimal.
- Practical quantum attack on AES-128 would require absurd time or resources.
- Shor (asymmetric) threats are real; Grover (symmetric) threats are vastly overstated.
Discussion
- Strilanc (quantum researcher): entirely correct, well-known in the field but underappreciated.
- Commenters note RSA/ECC are genuinely vulnerable to Shor; symmetric keys are not.
- WPA3’s shift from AES to ECDH flagged as potential future e-waste problem for IoT devices.
- Aggressive key rotation proposed as practical mitigation even for asymmetric schemes.