
In practice, schemes based on cryptographic hash functions work just as well and are quantum resistant. 512-bit key length is safe from quantum computers. Use bcrypt, Argon2 if you are pessimistic.

Using a side channel to share a single 512-bit key that is used to generate other keys is enough.
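An added example of the "one 512-bit master key that generates the other keys" pattern, not code from any commenter in this thread: it implements HKDF (RFC 5869) over the standard library's `hmac`/`hashlib`, checks the implementation against an RFC 5869 test vector, and then derives separate 256-bit subkeys for each purpose and session from a constructed 512-bit master secret. The master secret, the purpose labels and the session id are all made-up values for the demo; the choice of HKDF-SHA512 as the derivation function is this example's assumption, not something the thread specifies.

```python
import hashlib
import hmac


def hkdf_extract(salt: bytes, ikm: bytes, hash_name: str = "sha512") -> bytes:
    """HKDF-Extract (RFC 5869 section 2.2): PRK = HMAC-Hash(salt, IKM).

    An empty salt defaults to HashLen zero bytes, as the RFC specifies.
    """
    if not salt:
        salt = b"\x00" * hashlib.new(hash_name).digest_size
    return hmac.new(salt, ikm, hash_name).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int, hash_name: str = "sha512") -> bytes:
    """HKDF-Expand (RFC 5869 section 2.3): OKM = T(1) || T(2) || ... cut to `length`."""
    digest_size = hashlib.new(hash_name).digest_size
    if length > 255 * digest_size:
        raise ValueError("requested length exceeds 255 * HashLen")
    okm = b""
    t = b""          # T(0) is the empty string
    counter = 1
    while len(okm) < length:
        t = hmac.new(prk, t + info + bytes([counter]), hash_name).digest()
        okm += t
        counter += 1
    return okm[:length]


def hkdf(ikm: bytes, salt: bytes, info: bytes, length: int, hash_name: str = "sha512") -> bytes:
    """Full HKDF: extract a PRK from the input keying material, then expand it."""
    return hkdf_expand(hkdf_extract(salt, ikm, hash_name), info, length, hash_name)


# Constructed 512-bit master secret for the demo. A real one would come from the
# out-of-band channel the comment describes, not from a predictable byte pattern.
MASTER_SECRET = bytes(range(64))


def derive_subkey(master: bytes, purpose: str, session_id: bytes, length: int = 32) -> bytes:
    """Derive a per-purpose, per-session key from the long-lived master secret.

    The purpose label and the session id are bound into HKDF's `info` field, so a
    key derived for (hypothetical) "aes256-gcm" use can never coincide with one
    derived for "hmac-auth" use, and the master secret itself never touches data.
    """
    if len(master) < 64:
        raise ValueError("master secret should be at least 512 bits")
    info = purpose.encode("utf-8") + b"\x00" + session_id
    return hkdf(master, salt=b"", info=info, length=length)


def rfc5869_test_case_1() -> bool:
    """Check the implementation against RFC 5869 Appendix A, Test Case 1 (SHA-256)."""
    ikm = b"\x0b" * 22
    salt = bytes(range(0x00, 0x0d))
    info = bytes(range(0xf0, 0xfa))
    okm = hkdf(ikm, salt, info, 42, hash_name="sha256")
    expected = (
        "3cb25f25faacd57a90434f64d0362f2a"
        "2d2d0a90cf1a5a4c5db02d56ecc4c5bf"
        "34007208d5b887185865"
    )
    return okm.hex() == expected


if __name__ == "__main__":
    assert rfc5869_test_case_1(), "HKDF implementation does not match RFC 5869"
    session = b"session-0001"   # constructed session identifier
    enc_key = derive_subkey(MASTER_SECRET, "aes256-gcm", session)
    mac_key = derive_subkey(MASTER_SECRET, "hmac-auth", session)
    print("encryption key:", enc_key.hex())
    print("mac key:       ", mac_key.hex())
    print("distinct:", enc_key != mac_key)
```

Each derived key is 256 bits, which is the size the later comment in this thread treats as sufficient against Grover-style attacks; rotating the `session_id` gives a fresh key per session while the 512-bit master stays off the wire.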




The best known quantum attack against symmetric ciphers uses Grover's algorithm to effectively halve the key size. AES-128 is considered secure against classical attacks, so assuming you have a secure side channel for key distribution, AES-256 is sufficient to defeat quantum attacks.


I assume that we are talking about situations where public key cryptography is used.

If you share one master key for a long time, having (effectively) 128-bit secret shared state is too small.





