Comment by rjst01
8 months ago
> Encryption for 30 years ago? Trivially breakable with quantum
I wouldn't be so sure - quantum computers aren't nearly as effective for symmetric algorithms as they are for pre-quantum asymmetric algorithms.
I would go as far as saying anyone who mentions quantum computers breaking block encryption doesn’t know what they’re talking about.
Regardless of the parent's statement, just normal compute in 30 years, plus general vulnerabilities and weaknesses discovered, will ensure that anything encrypted today is easily readable in the future.
I can't think of anything from 30 years ago that isn't just a joke today. The same will likely be true by 2050, quantum computing or not. I wonder how many people realise this?
Even if one disagrees with my certainty, I think people should still plan for the concept that there's a strong probability it will be so. Encryption is really not about preventing data exposure, but about delaying it.
Any other view regarding encryption means disappointment.
> I can't think of anything from 30 years ago that isn't just a joke today.
AES is only 3 years shy of 30.
If you used MD5 as a keystream generator I believe that would still be secure and that's 33 years old.
3DES is still pretty secure, isn't it? That's 44 years old.
As for today's data, there's always risk into the future but we've gotten better at making secure algorithms over time and avoiding quantum attacks seems to mostly be a matter of doubling key length. I'd worry more about plain old leaks.
I'll concede your point re: current status of some encryption. However there are loads that were compromised.
How do you tell which will fall, and which will succeed in 30 years?
All this said, I just think proper mental framing helps. Considering the value of encrypted data, in 30 years, if it is broken.
In many cases... who cares. In others, it could be unpleasant.
>normal compute
You are underestimating the exponential possibilities of keys.
>plus general vulnerabilities and weaknesses discovered, will ensure that anything encrypted today is easily readable in the future.
You can't just assume that there is always going to be new vulnerabilities that cause it to be broken. It ignores that people have improved at designing secure cryptography over time.
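The two arguments above (that "normal compute" growth will eventually make today's ciphertext readable, and that doubling the key length is enough to absorb a quantum search speedup) can be put on a common footing with a small exhaustive-search model. The following is an added example, not code from anyone in this thread: it assumes a constructed attacker rate, a constructed compute-doubling period, and the textbook costs of 2^(n-1) trials for classical search and 2^(n/2) iterations for Grover's algorithm.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def effective_bits(key_bits, quantum=False):
    """Exponent of the expected number of trials for exhaustive key search.

    Classical: about half the keyspace on average, i.e. 2^(n-1) trials.
    Quantum (Grover): about 2^(n/2) iterations. This is the textbook
    square-root speedup; real Grover iterations are serial and slow, so the
    caller should pass a much lower rate for the quantum case.
    """
    return key_bits / 2 if quantum else key_bits - 1


def brute_force_years(key_bits, ops_per_second, quantum=False):
    """Expected years to recover one key at a fixed rate of trials/second."""
    trials = 2 ** effective_bits(key_bits, quantum)
    return trials / ops_per_second / SECONDS_PER_YEAR


def years_until_feasible(key_bits, ops_per_second_today, doubling_years,
                         budget_years=1.0, quantum=False):
    """Years from now until a search of `budget_years` wall-clock time suffices,
    assuming the attacker's rate doubles every `doubling_years` (the
    'normal compute in 30 years' argument). Returns 0.0 if already feasible.

    Feasible at time t when 2^e / (r * 2^(t/d)) <= B seconds, i.e.
    t >= d * (e - log2(r * B)).
    """
    e = effective_bits(key_bits, quantum)
    budget_ops = ops_per_second_today * budget_years * SECONDS_PER_YEAR
    return max(0.0, doubling_years * (e - math.log2(budget_ops)))


def feasibility_table(key_sizes, ops_per_second_today, doubling_years,
                      quantum_rate=None):
    """Map key size -> (classical years-until-feasible, quantum years-until-feasible)."""
    table = {}
    for n in key_sizes:
        classical = years_until_feasible(n, ops_per_second_today, doubling_years)
        quantum = None
        if quantum_rate is not None:
            quantum = years_until_feasible(n, quantum_rate, doubling_years,
                                           quantum=True)
        table[n] = (classical, quantum)
    return table


if __name__ == "__main__":
    # Constructed assumptions: 10^12 classical trials/s today, doubling every
    # 2 years; 10^6 Grover iterations/s for a hypothetical quantum attacker.
    for n, (c, q) in feasibility_table([56, 112, 128, 256], 1e12, 2.0,
                                       quantum_rate=1e6).items():
        print(f"{n:>3}-bit key: classical feasible in {c:8.1f} y, "
              f"Grover feasible in {q:8.1f} y")
```

The model is deliberately crude (a single doubling rate, no energy cost, no structural attacks on the cipher), but it makes the thread's two points explicit: a 56-bit key is already gone, a 128-bit key only falls if the attacker's rate keeps doubling for more than a century, and a 256-bit key under Grover sits roughly where a 128-bit key sits classically.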
From a security perspective, I argue you must assume precisely that.
An example being, destroying sensitive backup media upon its retirement, regardless of data encryption.
> I can't think of anything from 30 years ago that isn't just a joke today
The gold standard 30 years ago was PGP. RSA 1024 or 2048 for key exchange. IDEA symmetric cipher.
This combination is, as far as I am aware, still practically cryptographically secure. Though maybe not in another 10 or 20 years. (RSA 1024 is not that far from brute forcing with classical machines.)
I was wondering exactly how hard factoring RSA-1024 would be today and found this stackexchange answer: https://crypto.stackexchange.com/a/111828
In summary, it estimates the cost at $3.5 billion using commodity hardware, and I'd expect a purpose-built system could bring that cost down by an order of magnitude.