
Comment by b112

8 months ago

Regardless of the parent's statement, just normal compute in 30 years, plus general vulnerabilities and weaknesses discovered, will ensure that anything encrypted today is easily readable in the future.

I can't think of anything from 30 years ago that isn't just a joke today. The same will likely be true by 2050, quantum computing or not. I wonder how many people realise this?

Even if one disagrees with my certainty, I think people should still plan for the concept that there's a strong probability it will be so. Encryption is really not about preventing data exposure, but about delaying it.

Any other view regarding encryption means disappointment.

> I can't think of anything from 30 years ago that isn't just a joke today.

AES is only 3 years shy of 30.

If you used MD5 as a keystream generator I believe that would still be secure and that's 33 years old.

3DES is still pretty secure, isn't it? That's 44 years old.

As for today's data, there's always risk into the future but we've gotten better at making secure algorithms over time and avoiding quantum attacks seems to mostly be a matter of doubling key length. I'd worry more about plain old leaks.

  • I'll concede your point re: current status of some encryption. However there are loads that were compromised.

    How do you tell which will fall, and which will succeed in 30 years?

    All this said, I just think proper mental framing helps. Considering the value of encrypted data, in 30 years, if it is broken.

    In many cases... who cares. In others, it could be unpleasant.

    • > However there are loads that were compromised.

      There are a lot of interactive systems that have attacks on their key exchange or authentication. And there are hashes that have collision attacks.

      But compromises that let you figure out a key that's no longer in use have not been common for a while. And even md5 can't be reversed.

      I agree with you about being wary, but I think encryption itself can be one of the stronger links in the chain, even going out 30 years.

    • 30 years ago we had a good idea. Anything considered good 30 years ago, 3DES for instance, still is. Anything not considered good has turned out not to be. We don't know what the future will hold so it is always possible someone will find a major flaw in AES, but as I write this nobody has indicated they are even close.

>normal compute

You are underestimating the exponential possibilities of keys.

>plus general vulnerabilities and weaknesses discovered, will ensure that anything encrypted today is easily readable in the future.

You can't just assume that there are always going to be new vulnerabilities that cause it to be broken. It ignores that people have improved at designing secure cryptography over time.

  • From a security perspective, I argue you must assume precisely that.

    An example being, destroying sensitive backup media upon its retirement, regardless of data encryption.

> I can't think of anything from 30 years ago that isn't just a joke today

The gold standard 30 years ago was PGP. RSA 1024 or 2048 for key exchange. IDEA symmetric cipher.

This combination is, as far as I am aware, still practically cryptographically secure. Though maybe not in another 10 or 20 years. (RSA 1024 is not that far from brute forcing with classical machines.)

  • I was wondering exactly how hard factoring RSA-1024 would be today and found this stackexchange answer: https://crypto.stackexchange.com/a/111828

    In summary, it estimates the cost at $3.5 billion using commodity hardware, and I'd expect a purpose-built system could bring that cost down by an order of magnitude.
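Added example, not code posted by anyone in this thread: a back-of-envelope work-factor model for the two scaling arguments made above, "normal compute in 30 years" versus "the exponential possibilities of keys", and "doubling key length" against quantum search versus the RSA-1024 / RSA-2048 cost gap. The attacker rate (1e12 key trials per second today) and the 2-year doubling period are assumed inputs chosen for illustration; the GNFS figure uses the standard L[1/3, (64/9)^(1/3)] heuristic with the o(1) term dropped, so it is only good for comparing modulus sizes, not for an absolute dollar cost.

```python
# Added example for this thread (not code from any commenter).
# (1) brute force vs key length under exponentially growing compute,
# (2) Grover's halving of symmetric key bits, and
# (3) relative GNFS cost of RSA-1024 vs RSA-2048.
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Assumed, illustrative inputs (not figures from the thread): an attacker who
# can test 1e12 keys per second today, with throughput doubling every 2 years.
ASSUMED_KEYS_PER_SECOND = 1e12
ASSUMED_DOUBLING_YEARS = 2.0


def years_to_exhaust(key_bits, keys_per_second_now, doubling_years=None):
    """Years until cumulative trials reach 2**key_bits (whole keyspace, worst case).

    doubling_years=None: constant rate, so time = 2**bits / rate.
    Otherwise the rate is r(t) = r0 * 2**(t/T), cumulative work is
    W(t) = r0 * (2**(t/T) - 1) / k with k = ln2 / T, and we solve W(t) = 2**bits:
    t = ln(1 + 2**bits * k / r0) / k.  Growth that never stops is the
    attacker-friendliest assumption, and the result is still measured in
    centuries for 128-bit keys.
    """
    target = 2.0 ** key_bits
    r0 = keys_per_second_now * SECONDS_PER_YEAR  # keys per year today
    if doubling_years is None:
        return target / r0
    k = math.log(2.0) / doubling_years
    return math.log1p(target * k / r0) / k


def grover_equivalent_bits(key_bits):
    """Grover's search needs about 2**(n/2) quantum steps for an n-bit key, so
    n bits give roughly n/2 bits of security against it.  Textbook square-root
    bound only; it ignores circuit depth, error correction and serial latency."""
    return key_bits / 2.0


def gnfs_log2_cost(modulus_bits):
    """log2 of the heuristic GNFS running time L_n[1/3, (64/9)**(1/3)] for an
    n-bit modulus, with the o(1) term dropped.  Use it for ratios between
    modulus sizes, not as an absolute operation count."""
    ln_n = modulus_bits * math.log(2.0)
    c = (64.0 / 9.0) ** (1.0 / 3.0)
    ln_cost = c * ln_n ** (1.0 / 3.0) * math.log(ln_n) ** (2.0 / 3.0)
    return ln_cost / math.log(2.0)


def rsa_extra_bits(from_bits, to_bits):
    """log2 of the GNFS cost ratio when moving from one modulus size to another."""
    return gnfs_log2_cost(to_bits) - gnfs_log2_cost(from_bits)


def summary():
    """The figures a reader of the thread would want, keyed by scenario."""
    rate, dbl = ASSUMED_KEYS_PER_SECOND, ASSUMED_DOUBLING_YEARS
    return {
        "des56_years_growth": years_to_exhaust(56, rate, dbl),
        "aes128_years_constant": years_to_exhaust(128, rate),
        "aes128_years_growth": years_to_exhaust(128, rate, dbl),
        "aes256_years_growth": years_to_exhaust(256, rate, dbl),
        # Crude stand-in: treats one Grover step like one classical key trial.
        "aes128_grover_years_growth": years_to_exhaust(grover_equivalent_bits(128), rate, dbl),
        "aes256_grover_years_growth": years_to_exhaust(grover_equivalent_bits(256), rate, dbl),
        "rsa1024_to_2048_extra_bits": rsa_extra_bits(1024, 2048),
    }


if __name__ == "__main__":
    for name, value in summary().items():
        print(f"{name:>28}: {value:.3g}")
```

With these inputs a 56-bit key falls in hours, a 128-bit key takes on the order of 1e19 years at constant rate and still over a century even if compute doubles every two years forever, and 256 bits against Grover lands back at the same figure as 128 bits classically, which is the "doubling key length" point. The GNFS ratio comes out near 2^30, i.e. RSA-2048 is roughly a billion times more work than RSA-1024, which is why the $3.5 billion estimate for 1024 does not carry over to 2048.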