
This may be a naive question but why not go back to Vernam? Storage is cheap.


In addition to the usual argument about the impracticality of the one time pad, there is also the fact that it is symmetric cryptography (the one time pad is a shared secret).

Symmetric algorithms (AES-256 in particular) are generally considered to be quantum resistant. Here is what is written about it in the article.

> Symmetric cryptography, using a single secret key to encrypt and authenticate data: In our current understanding, symmetric cryptography is not impacted by quantum computers for all practical purposes. Grover's algorithm could be used as an attack here, but is currently considered infeasible for even medium-term quantum computers. (See "Reassessing Grover's Algorithm, 2017")

The algorithms most affected by quantum cryptanalysis are public key (asymmetrical) algorithms, because we already have effective quantum algorithms against them (Shor's in particular). We are not even close to having the computer though.


Excellent explanation.


OTP is deeply impractical.

How do you distribute your pads? (hint: it's a chicken-and-egg problem, you need a secure channel)

How do you ensure they're only ever used once?

In its most obvious instantiation, you get no authentication. So now you have to build an authentication mechanism on top. There's simply no point, when we have better solutions already.

And to top it all off, symmetric ciphers aren't threatened by quantum computing in the first place.
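An added Python example (not from any commenter in this thread) that makes the "used only once" and "no authentication" points above concrete: a minimal Vernam XOR, a pad store that refuses to hand out key bytes twice, and two functions showing what goes wrong when the pad is reused or when ciphertext is modified. All names here (`otp_xor`, `PadStore`, etc.) and the sample pad are my own constructions.

```python
import secrets

def new_pad(n: int) -> bytes:
    """Fresh random pad of n bytes (the expensive part: it must be shared securely)."""
    return secrets.token_bytes(n)

def otp_xor(data: bytes, pad: bytes) -> bytes:
    """Vernam cipher: XOR data with a pad at least as long as the data.
    The same call encrypts and decrypts."""
    if len(pad) < len(data):
        raise ValueError("pad must be at least as long as the data")
    return bytes(d ^ k for d, k in zip(data, pad))

class PadStore:
    """Hands out pad bytes sequentially and never twice.
    Illustrative only: a real system would need this bookkeeping to be
    persistent, crash-safe, and kept in sync with the peer."""
    def __init__(self, pad: bytes):
        self._pad = pad
        self._used = 0

    def take(self, n: int) -> bytes:
        if self._used + n > len(self._pad):
            raise ValueError("pad exhausted: refusing to reuse key material")
        chunk = self._pad[self._used:self._used + n]
        self._used += n
        return chunk

def two_time_pad_leak(p1: bytes, p2: bytes, pad: bytes) -> bytes:
    """Encrypt two messages under the SAME pad and return c1 XOR c2.
    The pad cancels out, so the result is p1 XOR p2: anyone who knows
    (or can guess) one plaintext recovers the other. This is why reuse
    must be impossible, not merely discouraged."""
    c1 = otp_xor(p1, pad)
    c2 = otp_xor(p2, pad)
    return otp_xor(c1, c2)

def decrypt_after_bit_flip(p: bytes, pad: bytes, pos: int, mask: int) -> bytes:
    """Flip bits in the ciphertext at byte `pos`; the decrypted plaintext
    carries exactly the same flipped bits, and a bare OTP gives the
    receiver no way to notice. An authentication tag (e.g. a MAC) has to
    be layered on top to detect this."""
    c = bytearray(otp_xor(p, pad))
    c[pos] ^= mask
    return otp_xor(bytes(c), pad)
```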


One-time pads just trade an encryption problem for a secure key distribution problem, the latter being much, much harder.


How do you solve the key issue with Vernam? It requires a secret key of the same length as the plaintext.

