Technology

Contrary to popular superstition, AES 128 is just fine in a post-quantum world

Source

Ars Technica

Published

Apr 21, 2026

TL;DR

AI Generated

AES 128 encryption is deemed secure in a post-quantum world, despite concerns raised by some about its vulnerability to quantum computing. The widely used AES 128 variant of the Advanced Encryption Standard has stood the test of time with no known vulnerabilities in its 30-year history. While amateur cryptographers have theorized about potential weaknesses using Grover's algorithm, the reality is that breaking AES 128 would still require an unfeasible amount of time and resources, making it a reliable choice for encryption. The key lies in the complexity of brute-force attacks and the inability of quantum computers to parallelize the workload effectively.

Read Full Article

How a USB-connected speaker can infect a PC without ever being touched

A researcher discovered a vulnerability in the Sound Blaster Katana V2X speaker that allows a Bluetooth device to connect to a PC via USB without authentication or pairing. The Creative Transport Protocol (CTP) used by the speaker enables commands like changing LED colors and equalizer settings, as well as uploading new firmware without security measures. This flaw could potentially lead to remote code execution on the targeted device, highlighting a security risk in USB-connected speakers.

Ars Technica•

1 week ago

Dashlane explains how attackers managed to download encrypted password vaults

Attackers targeted Dashlane users by abusing the device enrollment mechanism, sending automated requests to registered email addresses to download encrypted password vaults. Dashlane's security systems detected the attack and locked targeted accounts, preventing widespread data breaches. The attackers managed to access fewer than 20 personal user vaults before the operation was halted. Dashlane's verification process requires a one-time six-digit token sent to the user's email for device enrollment, ensuring security measures are in place to protect user data.

Ars Technica•

1 week ago

Can't make sense of Dashlane's vault theft notification? You're not alone.

Dashlane issued a security advisory about attackers obtaining 20 encrypted user vaults through a brute force attack on 2FA protections. Users are confused by the notification process and lack of information from Dashlane, leading to discussions on social media. The attack involved guessing passcodes within a three-hour window, raising questions about the feasibility of such a large-scale breach. Dashlane's response to the attack and potential rate limiting measures are unclear, leaving users concerned about the security of their accounts.

Ars Technica•

1 week ago

Dozens of Red Hat packages backdoored through its official NPM channel

Red Hat's official NPM accounts were compromised, leading to the distribution of a malicious worm that steals sensitive credentials across machines. The attack targeted the @redhat-cloud-services channel, a trusted source for Red Hat packages, affecting over 30 packages. The malware collects credentials during the npm install process and spreads by republishing infected packages to other accounts. Organizations are advised to consider systems that installed the affected packages as potentially compromised, as the payload executes during installation, not runtime use. The malware encrypts and sends credentials through web requests, with a fallback option to publish data to compromised GitHub repositories.

Ars Technica•

2 weeks ago

How a USB-connected speaker can infect a PC without ever being touched

Ars Technica•

1 week ago

Dashlane explains how attackers managed to download encrypted password vaults

Ars Technica•

1 week ago

Can't make sense of Dashlane's vault theft notification? You're not alone.

Ars Technica•

1 week ago

Dozens of Red Hat packages backdoored through its official NPM channel

Ars Technica•

2 weeks ago

Contrary to popular superstition, AES 128 is just fine in a post-quantum world

TL;DR

Similar Articles

How a USB-connected speaker can infect a PC without ever being touched

Dashlane explains how attackers managed to download encrypted password vaults

Can't make sense of Dashlane's vault theft notification? You're not alone.

Dozens of Red Hat packages backdoored through its official NPM channel

We use cookies

Contrary to popular superstition, AES 128 is just fine in a post-quantum world

TL;DR

Similar Articles

How a USB-connected speaker can infect a PC without ever being touched

Dashlane explains how attackers managed to download encrypted password vaults

Can't make sense of Dashlane's vault theft notification? You're not alone.

Dozens of Red Hat packages backdoored through its official NPM channel