AES works with a shared key. This won’t work when you want to have an encrypted connection with a webshop (how would you get the key over there in a secure way?). For this you have asynchronous key algorithms such as RSA en ECDH. These algorithms can make a secure connection without anything preshared. Usually this is used to compute a shared key and then continue over AES. These asynchronous algorithms are at risk of being cracked with quantum computers.
There’s Grover’s algorithm which can help in cracking the key.
https://crypto.stackexchange.com/questions/6712/is-aes-256-a-post-quantum-secure-cipher-or-not#7869
Regardless, everything sane uses 256 bit AES. Should be ok for now.
AES works with a shared key. This won’t work when you want to have an encrypted connection with a webshop (how would you get the key over there in a secure way?). For this you have asynchronous key algorithms such as RSA en ECDH. These algorithms can make a secure connection without anything preshared. Usually this is used to compute a shared key and then continue over AES. These asynchronous algorithms are at risk of being cracked with quantum computers.
My point is that AES isn’t untouched by quantumn computing. We now have quantumn safe asymmetric key encryption, too.
Grover’s algorithm gives broad asymptotic speed-ups to many kinds of brute-force attacks on symmetric-key cryptography.
Source: https://en.m.wikipedia.org/wiki/Grover’s_algorithm#Cryptography