142
Physicists May Have Found a Hard Limit on The Performance of Large Quantum Computers
(www.sciencealert.com)
This is a most excellent place for technology news and articles.
I really hope that there isn't a cryptographically-relevant quantum computer built in our lifetimes, but we should still assume that there likely will be and accordingly should switch everything to use (hybrid) post-quantum cryptography ASAP.
Why not? I've got a hard drive which I lost the keys to I'd like to recover, and having all the old secrets out in the open would be really interesting.
It isn't expected that a quantum computer will be able to instantly break symmetric encryption, as is used in full disk encryption. It will give an enormous advantage (halving the number of bits of security) but attacking that will still require a large amount of time and energy. What a CRQC will very quickly break is the asymmetric primitives, as used in TLS, encrypted email and chats, etc.
On the other hand, using default parameters from not so long ago, it is cheaper than you might expect to brute-force your disk passphrase already today without a quantum computer... which is why you should use a stronger key derivation function (in addition to a strong passphrase, of course).
Isn't that symmetrical encryption? Quantum computers aren't really that beneficial for symmetrical encryption iirc, due to it being a process that can't be parallelized very efficiently (and quantum computers are kinda slow per operation).