>
> GPG encrypted data (using RSA) can be collected today and easily decrypted
> after 50-100 years using a quantum computer. See:
> https://en.wikipedia.org/wiki/Shor%27s_algorithm

Well, let's see. Usually in a new technology, once you are really going to
apply it in the real world, new problems not thought of before are going to
pop up. (Think of fusion energy from the tokamak, which has always been
predicted to be here in 20 years from "now" for more than 40 years.)

>
> For this reason, what I do today is share long keys with people I know *in
> person*. We then use regular AES-256 to encrypt/decrypt our messages back
> and forth. Every 6 months we meet in person to renew our keys. (To be more
> secure, we actually create the keys in portions via in-person at different
> places, OTR, SMS, landline phone, mobile phone, and snail mail.)
>
> AES-256 is not vulnerable to quantum cryptography as RSA is, so we feel
> much safer this way.
>

There is another quantum algorithm called Grover's algorithm that would
reduce the effort to crack 256-bit-key AES to the effort necessary to crack
128-bit-key AES. Since the well-known agency from Baltimore uses its
influence to have crypto standards coast close to the limit of the
brute-forceable, 128-bit AES will be insecure not too far in the future.

So if you are worried about the quantum computer, using AES as is directly
won't help you a lot. You'd also need symmetric algorithms with at least
512-bit keys and at least 256-bit block size to retain the same security
margin as in the pre-quantum-computer era. Large block and key size
algorithms surely do exist.

50 years from now, I'm going to be 105. So if I'll be alive then, I'll be
grateful to be able to ask quantum-computer-equipped Baltimore for help on
recovering my old secrets which might have slipped from my memory by then ;-)

_______________________________________________
Gnupg-users mailing list
http://lists.gnupg.org/mailman/listinfo/gnupg-users
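The "256-bit effort becomes 128-bit effort" claim in the reply above is the quadratic speedup of Grover's algorithm: a brute-force search over 2^k keys that costs about 2^(k-1) classical trials costs about (pi/4)·2^(k/2) oracle queries on a quantum computer. The following is an added example, not code from the list post or from GnuPG. It simulates Grover's search exactly on a constructed toy setting (an 8-bit key and a one-byte XOR "cipher" standing in for AES, with a constructed known plaintext/ciphertext pair) so the whole 256-entry state vector fits in a Python list, and it reports the query count and success probability next to the classical expectation; the key-halving helper at the end is the same arithmetic applied to the AES key sizes discussed above.

```python
import math

# Constructed toy setting (not from the list post): an 8-bit key and a
# one-byte XOR "cipher" stand in for AES so the whole search space (256
# candidates) can be simulated exactly on a laptop.
KEY_BITS = 8
KNOWN_PT = 0x3C
KNOWN_CT = 0x9B  # = KNOWN_PT ^ 0xA7, so the secret key is 0xA7


def toy_oracle(candidate):
    """Known-plaintext check: does this candidate key map KNOWN_PT to KNOWN_CT?

    In a real attack this is the quantum circuit that runs AES on the
    candidate key; here it is a XOR so the state vector stays tiny.
    """
    return (KNOWN_PT ^ candidate) == KNOWN_CT


def grover_iterations(n_states):
    """Optimal Grover iteration count for one marked state: round(pi/4 * sqrt(N))."""
    return max(1, round(math.pi / 4 * math.sqrt(n_states)))


def grover_search(key_bits, oracle):
    """Classical state-vector simulation of Grover's algorithm.

    Returns (best_candidate, success_probability, oracle_queries). Amplitudes
    are kept real because both the oracle (sign flip) and the diffusion
    operator (inversion about the mean) preserve a real state vector.
    """
    n = 1 << key_bits
    amp = [1.0 / math.sqrt(n)] * n          # uniform superposition over all keys
    iters = grover_iterations(n)
    for _ in range(iters):
        # Oracle: flip the sign of every candidate the oracle accepts.
        amp = [-a if oracle(i) else a for i, a in enumerate(amp)]
        # Diffusion: reflect every amplitude about the mean amplitude.
        mean = sum(amp) / n
        amp = [2.0 * mean - a for a in amp]
    best = max(range(n), key=lambda i: amp[i] * amp[i])
    return best, amp[best] * amp[best], iters


def classical_expected_queries(key_bits):
    """Classical brute force checks half the key space on average."""
    return (1 << key_bits) // 2


def effective_security_bits(key_bits):
    """Grover needs ~2**(k/2) oracle queries, so a k-bit key offers k/2 bits against it."""
    return key_bits // 2


if __name__ == "__main__":
    best, prob, queries = grover_search(KEY_BITS, toy_oracle)
    print(f"recovered key 0x{best:02X} with probability {prob:.3f} "
          f"after {queries} oracle queries "
          f"(classical expectation: {classical_expected_queries(KEY_BITS)})")
    for k in (128, 256):
        print(f"AES-{k}: ~{effective_security_bits(k)}-bit security against Grover")
```

For the 8-bit toy key the simulation recovers 0xA7 with probability above 0.98 after 13 oracle queries, where a classical search expects 128. The same scaling is what turns AES-256 into roughly a 128-bit problem; note that the simulation only counts oracle queries, and each query on real hardware is a full AES evaluation run in superposition, which is why practical estimates of Grover against AES are far more costly than the bare 2^(k/2) figure.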
