Contrary to popular superstition, AES 128 is just fine in a post-quantum world
Summary
The Ars Technica piece argues that AES-128 remains secure in a post-quantum world, countering the belief that quantum computers will instantly break symmetric keys. It explains how Grover’s algorithm affects security, why parallelization does not trivially weaken AES-128, and cites reputable sources (NIST, BSI, Jaques) to support the view, while noting NSA’s preference for AES-256 in some cases.