Post-quantum cryptography and VeraCrypt

Can anyone tell me if VeraCrypt archives can be used safely in quantum computer times and, if yes, how I should set up an archive to be most convenient (e.g. 4 keyfile files + PIM + x-number password)?

I refer to this: https://www.whonix.org/wiki/PQCrypto.

But from it I do not understand what the threat is for VeraCrypt.
Should I use AES-256 and a normal password and then have AES-128?
But they state: "Larger Key Sizes Needed" - what does it mean for VeraCrypt?

Look, I don't understand the post right, but if you are asking about how to protect yourself from quantum PCs breaking your encryption: you can use AES-256 with a password of 7 (or more) randomly generated words (you can use Bitwarden) and, as you might have guessed, the longer the password is, the harder it is to decrypt (and maybe more time to encrypt), or you can use GPG to encrypt single files and again use a long password.

Using a quantum computer to crack a VeraCrypt archive is … well, a long time away. The VeraCrypt team is aware of this; you can read a thread about it here:

https://sourceforge.net/p/veracrypt/discussion/general/thread/4a6aef09ee/

Why limit yourself to just AES? VeraCrypt provides a plethora of options.

https://www.veracrypt.fr/en/Encryption%20Algorithms.html

GostCrypt was a great alternative to TrueCrypt but sadly has been discontinued, though you can still use it as is. It does have some interesting info on its site about the NSA and NIST:

Since the late 70s, most of the algorithms used (not to say all) are UKUSA encryption systems that have been chosen, promoted and standardized under the control of the USA and its satellite countries. It is more than likely that among the different levels of control, mathematical trapdoors are part of the game or, at a minimum, that there exist unidentified weaknesses that are however known but not disclosed by the entities that have organized or supported the choice of encryption standards (mainly the NSA in relationship with NIST and possibly standardization organizations; the recent case of the Dual_EC_DRBG algorithm, revealed by Snowden, is more than illustrative). We would stress the point that we can accept the idea that neither V. Rijmen nor J. Daemen have intentionally put any mathematical backdoor in the Rijndael algorithm. However, it is likely that the choice of this finalist (by the NSA and NIST) may have been driven by the knowledge of weaknesses that are still unsuspected by the Rijndael authors (they however admit that they could exist; refer to their book [The Design of Rijndael, Chap. 9, page 124, paragraph 2]) but identified by the technical prescribers of the AES contest… We thus decided to use strong encryption systems (as far as we know, and despite a few recent 'manipulation papers' that mistake operational security for fantasy and which have recently again been rejected as not valid [Babenko & Maro, 2014]). Moreover, these systems are not invasive as UKUSA ciphers (mostly AES) are by now. The GOST cipher and hash functions are not everywhere, have not invaded our systems and have been designed by the former USSR for its own needs. Aside from the fact that it is indeed a very strong cipher (when correctly implemented and with suitable key management), this feature of non-aggressive technological expansion is a key point. GOST algorithms have never sought to spread and to impose themselves on anyone. It was even rejected from the ISO standardization process in 2012 as a consequence of fallacious, non-reproducible allegations of weakness.

http://www.gostcrypt.org/gostcrypt.php?langue=en

Quantum computers are primarily a threat to asymmetric encryption (aka public-key encryption) and other cryptographic operations that rely on certain mathematical operations. Current computers can’t easily conduct prime factorization or solve the discrete logarithm problem. These mathematical problems are the core of RSA, elliptic-curve cryptography, Diffie-Hellman key exchange, DSA etc. These schemes are used by OpenPGP, TLS, SSH, OTR etc. We can expect that these schemes will be insecure. In summary, today’s transport encryption on the internet will be broken.

On the other hand, quantum computers are expected to halve the actual key sizes of symmetric cryptography. So in a post-quantum world AES-256 will offer the security of AES-128, and AES-128 will only offer security similar to AES-64 (which doesn’t exist and should be considered insecure even today).

Besides, all symmetric block ciphers (like AES) use so-called block cipher modes. Several block cipher modes are considered insecure today (like ECB and CBC under certain conditions), and many of today’s secure block cipher modes like GCM will likely become insecure in a post-quantum world. So you not only need to choose AES-256 instead of AES-128, but also use one of the remaining block cipher modes.

You should use symmetric encryption like AES-256.

If we assume that VeraCrypt implemented everything correctly, quantum computers won’t immediately break symmetric crypto, and you chose a sufficiently strong password/passphrase, then your container should be still secure in a post-quantum world.
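A small planning script, added here as an example (it is not VeraCrypt code and not from any post in this thread), that applies the "halve the key size" rule of thumb from the reply above and, as a stated modelling assumption, the same square-root speedup to a brute-force search over a random-word passphrase (7776-word list, the size of the EFF/diceware list that generators such as Bitwarden use). It shows that once AES-256 is chosen, the passphrase, not the cipher, is usually the weakest link; keyfiles and the PBKDF cost (PIM) are ignored, so the figures are an upper bound for the passphrase alone.

```python
import math

# Added planning helper, not VeraCrypt code. Applies the thread's rule of thumb
# (quantum search halves the effective bits of a symmetric key) and, as a
# modelling ASSUMPTION, the same square-root speedup to an unstructured search
# of the passphrase space. Keyfiles and KDF/PIM cost are ignored on purpose.

DICEWARE_WORDS = 7776   # EFF large wordlist / classic diceware list size
TARGET_BITS = 128       # the post-quantum margin the reply above treats as adequate


def passphrase_entropy_bits(num_words: int, wordlist_size: int = DICEWARE_WORDS) -> float:
    """Entropy of a passphrase built from uniformly random wordlist entries."""
    return num_words * math.log2(wordlist_size)


def effective_security_bits(cipher_key_bits: int, passphrase_bits: float, quantum: bool) -> float:
    """Security of the weakest link (cipher key or passphrase), halved under quantum search."""
    weakest = min(cipher_key_bits, passphrase_bits)
    return weakest / 2 if quantum else weakest


def words_needed(cipher_key_bits: int, target_bits: float = TARGET_BITS,
                 quantum: bool = True, wordlist_size: int = DICEWARE_WORDS):
    """Smallest word count reaching target_bits, or None if the cipher itself cannot."""
    if effective_security_bits(cipher_key_bits, float("inf"), quantum) < target_bits:
        return None
    n = 1
    while effective_security_bits(cipher_key_bits,
                                  passphrase_entropy_bits(n, wordlist_size), quantum) < target_bits:
        n += 1
    return n


def report(cipher_key_bits: int, num_words: int) -> str:
    """One-line summary of a container configuration, today and under quantum search."""
    ent = passphrase_entropy_bits(num_words)
    today = effective_security_bits(cipher_key_bits, ent, quantum=False)
    later = effective_security_bits(cipher_key_bits, ent, quantum=True)
    return (f"AES-{cipher_key_bits}, {num_words} random words: "
            f"{today:.0f} bits today, ~{later:.0f} bits vs quantum search")


if __name__ == "__main__":
    # The two setups discussed in the thread: AES-128 with a long passphrase,
    # and AES-256 with the 7-word passphrase suggested in the first reply.
    print(report(128, 30))
    print(report(256, 7))
    for bits in (128, 256):
        print(f"AES-{bits}: words needed for a {TARGET_BITS}-bit post-quantum margin:",
              words_needed(bits))
```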


A blog post talking about this on PTio would be really awesome, since it is a topic that is quite present nowadays and could help to calm some paranoids on Reddit.