AES, twofish and DES are symmetric algorithms and are only vulnerable to having their key spaces halved. That means that a sufficiently powerful quantum computer could break AES-128 and Twofish-128 but not AES-256 or Twofish-256. DES is already breakable by classical computers as it only has a 56 bit key space. DES was replaced with Triple DES, but even that is already nearly breakable by classical computers, it might even already be. Triple DES was replaced by AES. As far as RSA and ECC go, I don't know. I am not an expert on the current state of quantum computers. I know when I first got into cryptography (as a hobbyist, not a professional, as I am not a cryptographer), the cryptographers seemed to think that RSA-2,048 would never be broken. Today many cryptographers are designing new asymmetric algorithms because they think multi-prime-RSA with less than 2^32 4,096 bit primes could potentially be broken in the near-distant-future. It entirely depends on the speed with which it takes for true quantum computers with large numbers of stabilized qubits to be realized. Some people seem to expect an exponential increase in stabilized qubits over the next few years, others seem to think this will not happen, and others still say that nobody knows what unforeseen issues the researchers/developers will run into, so nobody can say for sure. I will say that these days cryptographers have less faith in the long term viability of RSA and ECC than they did just a handful of years ago. I am replacing AES etc with RSA and ECC every time, because you seem to have confused the algorithms that are particularly weak to quantum computing attacks. The answer is yes. There are already implementations of asymmetric algorithms that are not weak to any known quantum based attacks. If there is a period of time when people currently using RSA and ECC are vulnerable to quantum computing based attacks, it will be because the people making standards like TLS and OpenPGP, and people making software like Tor and GPG, are not quick enough to integrate the post quantum algorithms prior to the realization of powerful quantum computers. Truecrypt uses symmetric algorithms and is already quantum resistant. I don't know if the people developing standards and software will switch to quantum resistant algorithms prior to the creation of powerful quantum computers. I don't think they would have a terribly hard time to do so though. To the best of my understanding upping the key space of an asymmetric algorithm does make it more resistant to quantum computers, in that the quantum computer must possess more stabilized qubits in order to successfully attack it. After all, Shors algorithm has already been run successfully on quantum computers, and has factored two digit numbers into primes, but that is a long way away from breaking RSA. However, some people expect a rapid increase in the number of stabilized qubits. However, a quantum computer with enough stabilized qubits to attack RSA-4,096 would be capable of almost instantaneously decrypting anything that is encrypted with RSA-4,096. There is a paper by the cryptographer D.J. Bernstein where he estimates that quantum resistant RSA will have keys that require multiple hard drives to hold: cr.yp.to/talks/2010.05.28/slides.pdf He is discussing multi-prime-RSA though, not the effect of increasing bit strength of traditional RSA. However, he seems to start from the position that traditional RSA is screwed in a post quantum world, and is jokingly suggesting multi-prime-RSA as an overlooked quantum resistant algorithm. Almost all of the current widely used asymmetric algorithms are extremely vulnerable to quantum computing based attacks. Symmetric algorithms hold up much better, with the best quantum attack against them only halving their key space. edit: clarified by changing 'RSA-8.79609302210 could potentially be broken' to 'RSA with less than 2^32 4,096 bit primes could potentially be broken', as it is in reference to the number of total bits making up all of the primes in multi-prime-RSA, rather than the size of single primes in traditional RSA.