>>11
For most symmetric crypto problems a quantum computer can effectively cut key size in half, which brings a lot of unbreakable codes into the feasibly breakable range. But of course, all you have to do is double your key size to get the same safety margins back -- it's not really a bother. And it's not like anyone knows of any quantum computer large enough to perform the task.
But think about it this way. Suppose that the NSA has a quantum computer which can crack AES-128 in 2^64 operations, and they think it will be ten years before China builds one. If that were true, then anything the US government wants to keep secret for more than ten years will be encrypted with something that the NSA's hypothetical quantum computer couldn't crack. Requirements that satisfy this would show up in public NSA docs, although without the explanation why.
It's like the old story with DES. In 1975 the NSA modified the S-boxes in the DES algorithm but gave no explanation. Fifteen years later in 1990, researchers published a new type of attack (differential cryptanalysis) and discovered that the NSA-supplied S-boxes were far more resistant to the attack than one would expect were the S-boxes chosen randomly. The NSA knew about differential cryptanalysis long before it was published in the literature.
So it's unlikely that the NSA has some secret trick to cracking AES. If they did, it would be too much of a liability, because anyone else could discover the trick independently or through espionage.
If you are truly paranoid, use some stupid cascade algorithm on your data like AES-Serpent-Twofish. Make sure your key derivation algorithm is solid (use scrypt) or use randomly generated keys. But Wikileaks uses the same algorithm that the US government uses for many of its Top Secret documents, so there is little cause for worry about a direct attack.
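Added example, not part of the original post: one way to follow the key advice above in Python, either drawing a random 256-bit key or deriving one from a passphrase with scrypt. The cost parameters, the header layout and the function names are assumptions chosen for illustration; the stored header is validated before use so a tampered file cannot downgrade the work factor or request unbounded memory.

```python
import hashlib
import os
import struct
from typing import Optional, Tuple

# Assumed policy (not from the post): N between 2**14 and 2**15, r >= 8, p >= 1.
MIN_N, MAX_N, MIN_R, MIN_P = 2**14, 2**15, 8, 1
SALT_LEN, KEY_LEN = 16, 32                 # 32 bytes = 256-bit key
MAXMEM = 64 * 1024 * 1024                  # hard memory ceiling for scrypt
HEADER = struct.Struct(">IBB16s")          # N, r, p, salt (hypothetical layout)


def new_random_key() -> bytes:
    """No passphrase involved: take the key straight from the OS CSPRNG."""
    return os.urandom(KEY_LEN)


def derive_key(passphrase: str, header: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (key, header). Pass the stored header back in to re-derive the key."""
    if header is None:
        # First use: fresh random salt, parameters at the policy floor.
        header = HEADER.pack(MIN_N, MIN_R, MIN_P, os.urandom(SALT_LEN))
    n, r, p, salt = HEADER.unpack(header)
    # The header is stored next to the ciphertext, so treat it as untrusted:
    # refuse weakened or absurd parameters instead of silently accepting them.
    power_of_two = n > 1 and (n & (n - 1)) == 0
    if not power_of_two or not (MIN_N <= n <= MAX_N) or r < MIN_R or p < MIN_P:
        raise ValueError("scrypt parameters outside policy")
    key = hashlib.scrypt(
        passphrase.encode("utf-8"),
        salt=salt, n=n, r=r, p=p,
        maxmem=MAXMEM, dklen=KEY_LEN,
    )
    return key, header


if __name__ == "__main__":
    key, hdr = derive_key("constructed sample passphrase")
    again, _ = derive_key("constructed sample passphrase", hdr)
    print("key bits:", len(key) * 8, "re-derived OK:", key == again)
```

A derived key is only as strong as the passphrase behind it, so the 256-bit output length does not add entropy the passphrase lacks; `new_random_key()` avoids that limit entirely.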