Most FDE schemes seem to use AES-XTS with 128-bit effective key size (256 bit key, split, =AES-XTS-128). So we can treat this as AES-128.
Grover's algorithm, as I understand things, means that AES-128 is not post-quantum secure at all. Sufficiently powerful adversaries could begin collecting AES-128 encrypted drives now, and feasibly decrypt them when quantum computing is practical (which, for all we know, it already is.)
Doesn't this mean FDE solutions need to migrate to 256-bit effective key strength ASAP? For XTS that means a 512-bit key for AES-XTS-256.
This is too complicated do you have any memes
> when quantum computing is practical (which, for all we know, it already is.)
I think practical isn't really a description of the current state of quantum computing.
However, it it were, beating a fully entangled quantum computer is going to require more than just an increased key size. You'd want to switch to lattice base crypto. Which, while not completely tested, show promise against both traditional and quantum attacks.
>>57302198
>using NIST algoritms
>ever
Stop using AES and switch to SERPENT-XTS-512
as for asymmetric algos use trust algos from djb
>unironically believes AES can survive quantum computing by increasing the bit length
lookup netsec general on the wiki, already exists and is what you wanted
>>57302198
>when quantum computing is practical
Why can't these enormous bitcoin mining farms do this?
>>57302208
Here you go, friend.
https://i.4cdn.org/wsg/1476619728127.webm
>>57304001
because math is a bitch but quantum computing works differently and obeys different laws
>>57304068
Thanks for the seizure and soiled pants.
>>57304105
You soiled your own pants
Don't put this on me
>>57304158
Actually, I was wearing my dads pants. Not cool.