Quantum Computers Are Not a Threat to 128-bit Symmetric Keys

Filippo Valsorda’s latest essay is a useful corrective for security leaders: the real post-quantum urgency is in asymmetric cryptography, not in reflexively replacing AES-128. The technical and standards evidence is clear that Grover’s algorithm does not create a practical case for treating AES-128 as broken, while NIST and BSI continue to regard modern symmetric primitives as acceptable in the post-quantum transition. The leadership lesson is straightforward: focus scarce time, budget and engineering effort on cryptographic inventory, PKI, key exchange, signatures and vendor migration readiness, rather than creating unnecessary churn through “bigger must be better” thinking.