> David E. Weekly
>
> Naive question here, but what if you made multiple one time pads (XORing
> them all together to get your "true key") and then sent the different pads
> via different mechanisms (one via FedEx, one via secure courier, one via
> your best friend)? Unless *all* were compromised, the combined key would
> still be secure.
>
> As for PKI being secure for 20,000 years, it sure as hell won't be if those
> million-qubit prototypes turn out to be worth their salt. Think more like
> 5-10 years. In fact, just about everything except for OTP solutions will be
> totally, totally fucked. Which means that you should start thinking about
> using OTP *now* if you have secrets you'd like to keep past when an
> adversary of yours might have access to a quantum computer. I'd put 50 years
> as an upper bound on that, 5 years as a lower.
>
> -d

Not quite right. My understanding is that quantum computing can effectively halve the length of a symmetric key, but that does not take it down to zero.
Thus, a 256 bit key would, in a QC world, be as secure as a 128 bit key today, which is to say, pretty good. It's the asymmetric algorithms which have problems.

Peter
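The pad-splitting David describes and Peter's halving rule, as an added example that is not code from either poster: sending n independent pads by n channels and XORing them into the working key is n-of-n XOR secret sharing, and the helper at the end gives the rough post-Grover strength of a symmetric key (the key size and share count used below are constructed for the demo).

```python
import secrets
from functools import reduce
from typing import List

# Added example, not from the thread. David's scheme: generate n pads, send
# each by a different channel, and use the XOR of all of them as the working
# key. Any n-1 shares together are statistically independent of the key, so
# compromising all but one channel reveals nothing.

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def split_key(key: bytes, n: int) -> List[bytes]:
    """Split `key` into n shares whose XOR equals `key`.

    The first n-1 shares are fresh uniform random pads; the last share is
    the key XORed with all of them, so on its own it is also uniform.
    """
    if n < 2:
        raise ValueError("need at least two shares")
    shares = [secrets.token_bytes(len(key)) for _ in range(n - 1)]
    last = reduce(xor_bytes, shares, key)
    return shares + [last]

def combine(shares: List[bytes]) -> bytes:
    """XOR all shares back together; with every share present this is the key."""
    return reduce(xor_bytes, shares)

def grover_effective_bits(key_bits: int) -> int:
    """Peter's point: Grover's search costs about 2^(k/2) work, so a k-bit
    symmetric key offers roughly k/2 bits against a quantum brute force."""
    return key_bits // 2

if __name__ == "__main__":
    key = secrets.token_bytes(32)           # constructed 256-bit working key
    pads = split_key(key, 3)                # FedEx, courier, best friend
    assert combine(pads) == key
    # Lose any single channel and the remaining pads XOR to an unrelated
    # uniform string, not the key.
    for i in range(3):
        leaked = [p for j, p in enumerate(pads) if j != i]
        print("channel", i, "missing -> key recovered:", combine(leaked) == key)
    print("256-bit key after Grover:", grover_effective_bits(256), "bits")
```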