said by nixen:As to the "pretty secure", you gotta realize just how much computing horsepower that the government lets the public know about (just look at the "top 500", some time, and see how many are .gov or .mil owned or sponsored sites). It's fairly safe to assume, given the huge black budgets there are, that more exists (and is kept secret for a reason).
-tom
However, as long as you use a security model that is not flawed to begin with, not even the government can brute force it at this time. It's just not plausible. Here is a quote about AES, which is what the US Government currently uses for the most part:
Some cryptographers worry about the security of AES. They feel that the margin between the number of rounds specified in the cipher and the best known attacks is too small for comfort. The risk is that some way to improve these attacks might be found and that, if so, the cipher could be broken. In this meaning, a cryptographic "break" is anything faster than an exhaustive search, so an attack against 128-bit key AES requiring 'only' 2120 operations would be considered a break
even though it would be, now, quite infeasible. In practical application, any break of AES which is only this 'good' would be irrelevant. For the moment, such concerns can be ignored. The largest publicly-known brute-force attack has been against a 64 bit RC5 key by distributed.net (finishing in 2002; Moore's Law implies that this is roughly equivalent to an attack on a 66-bit key today).
So yeah, I wouldn't worry about encryption being broken yet.
