The future won’t wait – neither should your encryption
Encryption is the backbone of modern cybersecurity. But, just like any technology, it ages – and not always gracefully. Let’s take a look at the importance of encryption in the world of access control and, in particular, for iLOQ.
In access-control solutions, multiple layers of encryption are needed to ensure the highest levels of security. They ensure that all communication between the lock and the management system is protected from interception and unauthorized access.
One of the most widely used encryption standards today is still AES-128 (Advanced Encryption Standard with a 128-bit key). It’s fast, efficient, and was very secure. But, in 2025, and specifically for iLOQ, was just isn’t good enough.
Sensitive data requiring long-term protection is at heightened risk of attack, underscoring the need for swift and strategic action. We recognized this by adopting the strongest commercially available standard – AES-256 – from day one and already built it into the iLOQ 5 Series access-management platform back in 2016.
The problem with legacy encryption
Algorithms like RSA (developed in 1977) and ECDSA (first proposed in 1992) will be broken by quantum computers thanks to Shor’s algorithm. NIST (the National Institute of Standards and Technology) set a clear timeline for phasing out such legacy algorithms. By 2030, they will be deprecated, with full disallowance by 2035.
AES-128 was approved by NIST in 2001. That’s nearly a quarter of a century ago and a lifetime in terms of technology. Back then, DVDs were still cutting edge and smartphones didn’t even exist. Sure, it has held up well. But cryptography doesn’t stand still – and neither do attackers.
Growing weaknesses with AES-128
- Quantum computing changes the game
With Grover’s algorithm, quantum computers can reduce AES-128’s effective strength from 128 bits to just 64 bits. That’s not secure by today’s standards – and will be even less so in 5–10 years.
- It’s already a legacy standard
Cryptography has a shelf life. Algorithms like DES and SHA-1 were once trusted – now they’re digital fossils. AES-128 is heading in the same direction.
- It encourages complacency
Many systems default to AES-128 simply because it’s ‘good enough’. But good-enough encryption invites bad outcomes – especially in sectors where long-term confidentiality matters (such as residential properties, healthcare, finance, government, and critical infrastructure).
AES-128 had a good run – now let it go
In 2024, NIST published Post-Quantum Cryptography (PQC) algorithms designed to resist attacks from quantum computers:
- Kyber (key exchange)
- Dilithium (digital signatures)
- Hybrid approaches (combining classical + PQC), already tested by Google, Cloudflare, and others
But while public-key crypto is the main focus of PQC, symmetric encryption still matters – and the strongest commercially available standard today is AES-256.
Don’t be fooled: AES-256 isn’t just AES-128 with a longer key. It’s significantly more resistant to quantum attacks. Even with Grover’s algorithm, which can theoretically weaken symmetric encryption, AES-256 still holds up with an effective 128 bits of security.
That said, symmetric encryption isn’t the weakest link – public-key cryptography is far more vulnerable. That’s where algorithms like Kyber and Dilithium come in. Both have been selected by NIST to lead the charge in the quantum-safe era.
What do you need to do?
If you’re still using AES-128, you’re relying on encryption designed for a world that no longer exists – it’s no longer future-proof.
Start preparing for post-quantum cryptography now. It’s no longer science fiction; it’s a necessary step to ensure future security.
AES-256 isn’t just secure now – it’s built to stand up to what’s next.
Think forward – encrypt forward
with AES-256 and post quantum cryptography.
