Quantum cryptography will be of little practical value for the average
person.  That's because you need to get photons unchanged from one
person to the other.  This requires either a line of sight or a fiber
optic cable, neither of which is likely to be available.

Quantum computers allow fast search for symmetric ciphers like DES
or AES.  The effect is essentially to halve the key size.  A 128 bit key
attacked by a QC becomes only as strong as a 64 bit key attacked by
conventional computers.  The new AES standard provides for 256 bit keys.
These will still provide 128 bits of strength against quantum computers,
making them practically invulnerable.  So QCs will provide no significant
problems against symmetric ciphers once AES is in widespread use.

Quantum computers also allow fast factoring and finding discrete logs,
essentially destroying the principles behind the most widely used
public key systems.  This uses Shor's algorithm, which works by finding
the period of a sequence.  The recent IBM announcement was apparently
an implementation of just this algorithm for a 5 bit QC.

Hence it will be necessary to scale up the QC from 5 bits to 1024 bits
or more.  This will take years of work and no one knows if it will be
possible.  If it happens, people will have to switch to keys larger than
the largest quantum computers, which will probably be a losing battle;
or they will have to use the more obscure, less efficient and possibly
less secure public key alternatives.  No doubt if large QCs appear on
the horizon we will see considerably more cryptographic effort put into
developing and establishing the security of alternative methods for PKC.


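The period-finding step the post attributes to Shor's algorithm is easy to see on a toy modulus. The example below is added here and is not code from the original post: it carries out Shor's classical reduction from factoring to finding the order r of a random base a modulo N, with the quantum period-finding subroutine replaced by an exhaustive classical search (find_order), so it only works for small N. The retry loop, the random seed and the 1000-attempt limit are assumptions of this example, not part of the algorithm as the post describes it.

```python
"""Shor's reduction from factoring to period finding, walked through
classically on small moduli.  Added example; not from the original post.

The quantum part of Shor's algorithm finds the period r of
    f(x) = a^x mod N.
Here that step is simulated by brute force in find_order(), which is
exponential in the size of N and is only usable for toy moduli; the
post-processing in factor_from_order() is the real classical part.
"""
from math import gcd
import random


def find_order(a: int, n: int) -> int:
    """Return the smallest r >= 1 with a^r == 1 (mod n).

    Requires gcd(a, n) == 1.  This brute-force search stands in for the
    quantum period-finding subroutine (assumption of this example).
    """
    if gcd(a, n) != 1:
        raise ValueError("a must be coprime to n")
    r, x = 1, a % n
    while x != 1:
        x = (x * a) % n
        r += 1
    return r


def factor_from_order(a: int, r: int, n: int):
    """Shor's classical post-processing for base a with order r mod n.

    If r is even and a^(r/2) != -1 (mod n), then
        (a^(r/2) - 1)(a^(r/2) + 1) == 0 (mod n)
    with neither factor zero mod n, so gcd(a^(r/2) +- 1, n) is a
    nontrivial factor.  Returns None when this base fails (r odd, or
    a^(r/2) == -1 mod n), in which case a new base must be tried.
    """
    if r % 2:
        return None
    y = pow(a, r // 2, n)
    if y == n - 1:
        return None
    for cand in (gcd(y - 1, n), gcd(y + 1, n)):
        if 1 < cand < n:
            return cand
    return None


def shor_factor(n: int, seed: int = 0, attempts: int = 1000) -> int:
    """Return a nontrivial factor of an odd composite n that is not a
    prime power (the cases Shor's algorithm is meant for).

    Random bases are retried until one has a usable order; the seed and
    attempt limit are assumptions of this example.
    """
    if n % 2 == 0:
        return 2
    rng = random.Random(seed)
    for _ in range(attempts):
        a = rng.randrange(2, n - 1)
        g = gcd(a, n)
        if g > 1:
            return g  # lucky base: already shares a factor with n
        f = factor_from_order(a, find_order(a, n), n)
        if f is not None:
            return f
    raise RuntimeError("no factor found; is n composite and not a prime power?")


if __name__ == "__main__":
    # Constructed inputs: 15 = 3 * 5 and 3233 = 53 * 61.
    for n in (15, 21, 3233):
        f = shor_factor(n)
        print(f"{n} = {f} * {n // f}")
```

For N = 15 and base a = 7 the powers 7, 4, 13, 1 give r = 4, so a^(r/2) = 49 mod 15 = 4 and gcd(3, 15) and gcd(5, 15) recover both factors. The base a = 14 fails on the same modulus because 14^2 = 1 mod 15 gives r = 2 with a^(r/2) = -1, which is exactly the bad case the post-processing has to reject and retry.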