Two researchers at DEF CON this past weekend showed that the situation is better but people are still using old tech for their crypto. So, better mathematically, but not practically.
It has nothing to do with age. if it cant be cracked it cant be cracked. choose 12 words at random from a small dictionary, write em' down somewhere safe and secret, and forget about it. That will work forever. Overkill security is better than trying to find the computational limit and then going one bit above that. keys are cracked when the process of generating them is flawed or the key is not big enough. That's why bitcoin private keys are so long and why 12 words are used even though 8 would probably still be enough.
> even though a 280 attack will break somebody's AES-128 key out of a batch of 248 keys.
Yeah, "somebody's", but what does the average somebody have that's worth cracking their encryption over? It seems to me that most cryptanalysis threat models would be very specifically targeted: what is the President saying on his secure line? Where are the submarines being dispatched? What are the corporate earnings or fed rate decisions going to be?
Trawling thousands of encrypted connections and cracking one or two is a pretty cool feat,but probably not valuable enough to recoup the costs or yield anything of extraordinary value.
A nation-state actor that could read a random 0.0001% of another country's internal communications would have a decisive advantage. The number of big secrets flying around is enough that you'll get a few of them.
