… Which is why we all should immediately switch to post-quantum encryption possibly much weaker against conventional cryptanalysis. Thank you, NIST, NSA and other such respectable official bodies. Of course I believe you.

In general the whole “everyone should use standard state-of-the-art cryptography” turned out to be a con. And somehow the more “standard state-of-the-art” things were broken, the more was the confidence that they are what should be used. In the 90s “standard state-of-the-art” things were being broken casually, and non-standardized ciphers were made and used far more often than now, and somehow that was fine.

I dunno, we’re all using AES with even hardware implementations of it, potentially backdoored, and with approved recommended S-boxes, without explanation how were these chosen (“by the criteria of peace on earth and goodwill toward men” is not an explanation, a mathematical paper consisting of actions you repeat and unambiguously get the same set would be that).

I think if you are afraid of your cryptography rotting, embracing some pluralism outside of cryptography is what you should do. Like maybe partitioning (by bits, not splitting into meaningful portions god forbid) the compressed data and encrypting partitions with different algorithms (one AES, one Kuznetchik, one something elliptic, one something Chinese).