I just want to note you only need an algorithm that protects against 2^80 quantum operations for short-term keys.
Regardless, I doubt anyone is going to be spending a billion dollars to crack data sent over a single Tor connection. _______________________________________________ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev