Due to the possibility of finding more efficient algorithms? Wouldn't that rule out RSA-any size?
1024 bit RSA keys are considered mildly secure because they are breakable with a large budget.
There are a few algorithms resistant against quantum computers, based on alternative problems. A good reference of the main, usable ones, is at http://pqcrypto.org/.
Quantum computers can also speed up exhaustive searches (see Grover's algorithm) and collision searches, but this is easily mitigated by increasing symmetric key sizes to e.g. 256 bits up from 128.
Slashdot Mirror
It's a collision, not preimage, attack. The attack was later improved to 2^63, which is certainly doable.
Due to the possibility of finding more efficient algorithms? Wouldn't that rule out RSA-any size? 1024 bit RSA keys are considered mildly secure because they are breakable with a large budget.
There are a few algorithms resistant against quantum computers, based on alternative problems. A good reference of the main, usable ones, is at http://pqcrypto.org/. Quantum computers can also speed up exhaustive searches (see Grover's algorithm) and collision searches, but this is easily mitigated by increasing symmetric key sizes to e.g. 256 bits up from 128.