Quantum-Safe and Quantum-Broken Crypto Algorithms
Most cryptographic hashes (like SHA2, SHA3, BLAKE2), MAC algorithms (like HMAC and CMAC),
and key derivation functions (bcrypt, scrypt, Argon2) are basically quantum-safe (only slightly affected
by quantum computing).
→ Use 384 bits or more to be quantum-safe (256 bits should be enough for a long time)
Symmetric ciphers (like AES-256, Twofish-256) are quantum safe.
→ Use 256 bits or more as the key length (don't use 128-bit AES)
Most popular public-key cryptosystems (like RSA, DSA, ECDSA, EdDSA, DHKE, ECDH, ElGamal)
are quantum-broken!
→ Most digital signature algorithms (like RSA, ECDSA, EdDSA) are quantum-broken!
→ Quantum-safe signature algorithms and public-key cryptosystems are already developed
(e.g. lattice-based or hash-based signatures), but are not massively used, because of longer keys
and longer signatures than ECC.
What kind of cryptographic algorithms does QubesOS use? Is it quantum-safe?
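To make the "longer keys and longer signatures" remark in the quoted text concrete, here is a minimal hash-based one-time signature (a Lamport scheme over SHA-256) with the resulting key and signature sizes. This is an added illustration written for this post, not code from the quoted book and not anything Qubes OS ships; the message bytes are constructed for the demo.

```python
import hashlib
import os

HASH = hashlib.sha256
N = HASH().digest_size      # 32 bytes = 256-bit digest
BITS = N * 8                # one secret pair per digest bit


def keygen(rng=os.urandom):
    """Lamport key pair: 256 pairs of random secrets; public key is their hashes."""
    sk = [(rng(N), rng(N)) for _ in range(BITS)]
    pk = [(HASH(a).digest(), HASH(b).digest()) for a, b in sk]
    return sk, pk


def _digest_bit(digest: bytes, i: int) -> int:
    """Bit i of the digest, most significant bit first."""
    return (digest[i // 8] >> (7 - i % 8)) & 1


def sign(sk, message: bytes):
    """Reveal, for each digest bit, the secret matching that bit value.

    A Lamport key is strictly one-time: signing two different messages with the
    same key reveals both halves of many pairs and lets an attacker forge.
    """
    digest = HASH(message).digest()
    return [sk[i][_digest_bit(digest, i)] for i in range(BITS)]


def verify(pk, message: bytes, sig) -> bool:
    """Accept iff every revealed secret hashes to the public value for that bit."""
    if len(sig) != BITS:
        return False
    digest = HASH(message).digest()
    return all(
        HASH(sig[i]).digest() == pk[i][_digest_bit(digest, i)]
        for i in range(BITS)
    )


def sizes() -> dict:
    """Byte sizes of the objects above (ECC for comparison: 32-byte key, 64-byte signature)."""
    return {
        "private_key": 2 * BITS * N,   # 16384
        "public_key": 2 * BITS * N,    # 16384
        "signature": BITS * N,         # 8192
    }


if __name__ == "__main__":
    sk, pk = keygen()
    msg = b"constructed demo message"          # constructed input
    sig = sign(sk, msg)
    print("valid:", verify(pk, msg, sig))
    print("tampered:", verify(pk, msg + b"!", sig))
    print("sizes:", sizes())
```

The only security assumption is preimage resistance of SHA-256, which Grover's algorithm weakens from 2^256 to roughly 2^128 work, so the scheme stays quantum-safe; the price is a 16 KiB public key and an 8 KiB signature for a single use, versus 32 and 64 bytes for Ed25519. Practical hash-based schemes (XMSS, SPHINCS+) build Merkle trees over many such one-time keys to get reusable keys, which is where the "longer keys and signatures" trade-off in the quoted text comes from.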