AES-128 is safe against quantum computers. SHA-256 is safe against quantum computers. No symmetric key sizes have to change as part of the post-quantum transition. This is a near-consensus opinion amongst experts and standardization bodies and it needs to propagate to the rest of the IT community. The rest of this article backs up this claim both technically and with references to relevant authorities.
Original article: https://words.filippo.io/128-bits/
TL;DR: https://hackaday.com/2026/04/25/quantum-computers-are-not-a-threat-to-128-bit-symmetric-keys/
It’s secure because it’s symmetric. It can’t be cracked because there is no exposed secondary information.
Asymmetrical encryption relies on using information which is visible to the outside world to compute two keys using math that is very difficult to reverse. Quantum computers make that math MUCH easier.
But since symmetric encryption doesn’t do that. It’s safe.
I’ll keep using AES 256 because why the heck not? The additional cost is a rounding error.
I mean, sure, don’t panic. But also, don’t hit the brakes. You might as well use the best encryption that’s readily available. Encrypted data does not have a short enough or predictable enough lifespan to justify using less than the state of the art.