[Hasz]

Totally fair, I am conflating two pretty different things.

For symmetric crypto, there is Grover's algorithm, which we can mitigate by just doubling key size. However, for asymmetric crypto, shor's algorithm is going to wreck it; intelligence agencies are hoovering up traffic right now to crack latter when it's cheaply available.

I would point out the field is in its infancy and new attacks/discoveries will be made that will change things dramatically. These attacks also depend on having access to a "sufficiently large" quantum computer, which in my amateur opinion is 10s of years away from public availability.

There is a whole field of "post-quantumn" cryptography being discussed now, but they not really standard or ready for prime-time afaik.