Ask HN: Isn't encryption *temporary* privacy? - microb

Given that current encryption will someday be broken by quantum computers, all the companies that have copies of your encrypted data will have access to a massive backlog of your personal information. This includes the torrent of encrypted wifi data which exists in almost every household in America. Therefore, encryption is temporary privacy, wouldn't you say?
======
claudius
Only if the encrypted data is still around when decryption becomes feasible. I
doubt someone is sitting in my closet and recording every bit of wifi traffic
in my local network, so this traffic should, in theory, be fine. The same goes
for encrypted hard drives – most of them won’t ever go through an agency
capable of/interested in storing encrypted data.

Furthermore, I think that there are (classical and practicable[0]) encryption
schemes which cannot be attacked by e.g. Shor’s factorisation algorithm,
although I fail to remember their names.

So, depending on the threat model, encryption may well be permanent privacy,
but of course you have to take future developments into account – even
classical computers will get better.

[0] At least more practicable than XOR with a key the length of the plaintext.

------
tptacek
(a) All security does indeed have a time/value component.

(b) The word "current" in your sentence is inaccurate in its most generous
interpretation. All mainstream secret-key cryptography is believed to resist
quantum computers.

(c) If you're relying on potentially-susceptible number-theoretic encryption
algorithms like RSA, you could at some point switch to lattice or code-based
alternatives.

You should read "An Introduction To Post-Quantum Cryptography", by Daniel
Bernstein.

~~~
microb
Very helpful. Thanks for the information.

------
mooism2
Who is saving copies of our encrypted data that is not already able to decrypt
it?

The power of quantum computers to break existing cryptographic algorithms is
greatly exaggerated in the popular imagination. E.g., a quantum computer would
not be able to instantly factorise large integers; it would be able to
factorise them in about the time in which we can currently factorise integers
half the length. Yes, attacks only get better, and computers get faster, but
quantum computers aren't a magic silver bullet.

------
hardwaresofton
I'm not in New Hampshire, but I think that time-based context is pretty
important here... If you know the password I used 5 years ago, it may matter
significantly less today.

Now if current encryption methods will be easily broken by quantum computers,
we just need to create methods that become even more time-consuming/difficult
to use quantum computers to model. As two-way encryption moves forward, what
is stopping people from layering encryptions on the legacy data?
