Mullvad added post-quantum ciphers Kyber and McEliece, https://www.ambit.inc/pdf/KyberDrive.pdf It says "Kyber-1024 is known to have 254 bits of classical security and 230 bits of quantum security (core-SVP hardness)." For quantum computers, it requires at least triple 256-bit AES to get about 256-bit quantum security.
Thanks for the feedback. This is a question better directed at our support team (support@mullvad.net) since the app is only a small part of the affected infrastructure/code for such a change.
Mullvad added post-quantum ciphers Kyber and McEliece, https://www.ambit.inc/pdf/KyberDrive.pdf It says "Kyber-1024 is known to have 254 bits of classical security and 230 bits of quantum security (core-SVP hardness)." For quantum computers, it requires at least triple 256-bit AES to get about 256-bit quantum security.