Skip to content
QS-aes-128medium

AES-128

Description

AES-128 effective key strength drops to 64 bits under Grover's algorithm.

Quantum Threat

Weakened by Grover's algorithm (effective key length halved) or vulnerable to classical attacks under certain conditions.

Recommended Replacement

AES-256

Suppressing False Positives

Add a suppression comment on the flagged line, or the line above it:

// quantumscan-ignore
const algo = "RSA"; // quantumscan-ignore

Or create a .quantumscan-ignore file in your project root to suppress by rule ID or file path:

# Suppress this rule in all files
aes-128

# Suppress this rule only in test files
aes-128:src/**/*.test.ts

# Suppress all rules in legacy files
src/legacy/**

Regulatory & Standards References

NIST FIPS 203

ML-KEM (Kyber) — key encapsulation replacement for RSA/ECDH

NIST FIPS 204

ML-DSA (Dilithium) — signature replacement for ECDSA/RSA-sign

NIST FIPS 205

SLH-DSA (SPHINCS+) — hash-based signature fallback

NSA CNSA 2.0

Mandates ML-KEM-1024 + ML-DSA-87 for US national security systems. New systems: 2030. Legacy: 2033.

DORA Art. 7(2)(c)

EU Digital Operational Resilience Act — ICT risk management must ensure cryptographic agility and algorithm rotation capabilities.

NIS2 Art. 21(2)(h)

EU Network and Information Security Directive — adequacy of encryption and cryptographic standards as a baseline security measure.

Run a full AI-powered scan on your repository

QuantumScan detects this and 100+ other quantum-vulnerable patterns, then generates per-finding migration code diffs.

Scan your repository →