Internet Secrets estimated to survive for 15 years

In summary: So it's not valuable because such speculation/prediction is inherently extremely difficult to do accurately. 25 years ago people used to wildly speculate about what computing power would look like in the future (or today's recent past) and most of the time that speculation was based on the false assumption that Moore's law would continue unabated. Such speculations were wildly optimistic - even though they were based on a very well established existing technological progression, projected out for a relatively short period of time.Cryptography has been around for centuries. It has been updated and improved over time, but it's not new. So this article's main point is not particularly new or valuable.
  • #1
.Scott
Science Advisor
Homework Helper
3,520
1,630
TL;DR Summary
A Canadian Phycisist has estimated that encrypted information sent over the internet today will be crackable about 15 years from now.
According to an article in Science News, Canadian Phycisist Michele Mosca has estimated that encrypted information sent over the internet today will be crackable in about 15 years from now.

So, if you send valuable information today using the normal encryption methods used today, and someone has the foresight to save your encrypted dialog, that someone will likely have the tools available in 15 tears to read your information.

Here's a quote with the main point:
Mosca estimates that in the next 15 years, there’s about a 50 percent chance of a quantum computer powerful enough to break standard public-key encryption. That may seem like a long time, but experts estimate that previous major cryptography overhauls have taken around 15 years. “This is not a Tuesday patch,” Mosca says.

The threat is even more pressing because the data we send today could be vulnerable to quantum computers that don’t exist yet. Hackers could harvest encrypted information now, and later decode it once a powerful quantum computer becomes available, Mosca says. “It’s just bad news if we don’t get ahead of this.”
 
Technology news on Phys.org
  • #2
So you're saying we should change our passwords and Social Security Numbers about every 10 years, to stay ahead of these hackers? :wink:
 
  • Like
Likes Vanadium 50 and russ_watters
  • #3
Heck, my Google password is more secure than my bank account...

-Dan
 
  • #4
topsquark said:
Heck, my Google password is more secure than my bank account...
Oh no it's not...!
Made you look! :smile:
 
  • Like
  • Haha
Likes jbriggs444 and dlgoff
  • #5
berkeman said:
Oh no it's not...!
Made you look! :smile:
Actually, neither are terribly hard to figure out, but you have to know me.

Of course, I have no money, so it doesn't really matter all that much!

-Dan
 
  • #6
berkeman said:
So you're saying we should change our passwords and Social Security Numbers about every 10 years, to stay ahead of these hackers?
Won't help. The hypothesized hackers are storing your communication data now, with whatever passwords/credentials you are using now. And if you change them, they'll just spot the change and re-break your new credentials. At least, that's what the claim in the article implies. You would have to be using quantum unbreakable encryption (e.g., a reservoir of pairs of entangled qubits, one of each pair for you and one for the person at the other end) now in order to have your communications safe from this claimed attack.
 
  • Wow
  • Like
Likes russ_watters, Wrichik Basu and berkeman
  • #7
Mosca estimates that in the next 15 years, there’s about a 50 percent chance of a quantum computer powerful enough to break standard public-key encryption.
This is just yanked out of thin air idle speculation....and the OP discards the coin flip part in summarizing the quoted summary.

Someone should ask that guy when we'll get nuclear fusion power.
 
  • Like
Likes Bystander
  • #8
russ_watters said:
This is just yanked out of thin air idle speculation....and the OP discards the coin flip part in summarizing the quoted summary.

Someone should ask that guy when we'll get nuclear fusion power.
The issue is not whether his estimate is accurate but whether it is valuable.
The key point is that if it is important for you to keep secrets by encryption for decades, you need to use methods that will stand up to future threats - not just current threats.
So your decisions about how much effort you need to devote to encryption today requires an estimate of how fast the adversary technology will develop.

Mosca is as much in the know about the developing technology as anyone. So his opinion is potentially valuable.

There is a broader and very important point here. What constitutes a valuable answer to a question is completely dependent on the purpose of the question. As an extreme example, consider this question posed in 2003: "Based on available intelligence, is Iraq still developing chemical weapons". In an "order of battle" context, you might say "Yes, foreign troops operating in Iraq should be trained and equipped for chemical warfare". But within the context of UN Security Council Resolution 1441, you might say "No, we have nothing that would support such an indictment.".
 
  • #9
.Scott said:
The issue is not whether his estimate is accurate but whether it is valuable.
The key point is that if it is important for you to keep secrets by encryption for decades, you need to use methods that will stand up to future threats - not just current threats.
So your decisions about how much effort you need to devote to encryption today requires an estimate of how fast the adversary technology will develop.
It's not valuable because such speculation/prediction is inherently extremely difficult to do accurately. 25 years ago people used to wildly speculate about what computing power would look like in the future (or today's recent past) and most of the time that speculation was based on the false assumption that Moore's law would continue unabated. Such speculations were wildly optimistic - even though they were based on a very well established existing technological progression, projected out for a relatively short period of time.

But quantum computing is like fusion, but worse. It's an entirely new technology and we simply don't even know if it will ever work. And unlike fusion, it isn't just an engineering challenge (we think), it's still highly theoretical, so we don't really even know what it will look like if/when it does get invented. 15 years is an awfully short period of time for something that's still a lab experiment.
 
  • Like
Likes pbuk and Bystander
  • #10
russ_watters said:
It's not valuable because such speculation/prediction is inherently extremely difficult to do accurately.
Unlike hard science, risk management often involves evaluating factors with no discernable mean and standard deviation. That doesn't mean you don't do anything. It only means that you proceed with caution.
 
  • Like
Likes russ_watters
  • #11
.Scott said:
The key point is that if it is important for you to keep secrets by encryption for decades, you need to use methods that will stand up to future threats - not just current threats.
But that is a tautology, it is not a valuable piece of information that requires dissemination by a professor of Quantum Physics.
 
  • #12
pbuk said:
But that is a tautology, it is not a valuable piece of information that requires dissemination by a professor of Quantum Physics.
So, I've had a read of most of the article now. It's quite long and with a lot of interesting information. It's just....unfortunate piece to highlight as a teaser IMO. In the article it's basically a throw-away line.
 
  • Informative
Likes pbuk
  • #13
.Scott said:
The key point is that if it is important for you to keep secrets by encryption for decades, you need to use methods that will stand up to future threats - not just current threats.
Purely by safety reasons you are expected to maintain and update any data storage at a much smaller timeframe.
Of course it's possible that somebody forgets to update the protection but by my experience it's more frequent to throw (and forget) the old data in some small corner of the new storage, supposedly with up-to-date protection.

I understand the concern but have some doubts about the practical value.

Ps.: what are 'internet secrets', actually? Does somebody expected to publicly distribute encoded sensitive information, or what? Feels really a weird, non-sense thing.
 
Last edited:
  • Like
Likes russ_watters
  • #14
russ_watters said:
This is just yanked out of thin air idle speculation....and the OP discards the coin flip part in summarizing the quoted summary.

Someone should ask that guy when we'll get nuclear fusion power.
Yes and no. I have no idea how this particular number was calculated; but it does roughly agree with the estimates from various security agencies from around the world (NSA, GCHQ etc).
Putting percentages on these kinds of things is indeed a bit silly; but it is quite literally what some people do for a living When done well, it is in an quantified informed guess.
It is no different than the methods used in finance.

Also, yes this is definitely taken very seriously. There is a reason for why QSC (quantum safe cryptography, also called PQC or post-quantum cryptography) is being rolled out and some organisations (including, apparently, Google) have already switched to using this for information they want to keep secret for a long time. International standards are in the process of being created and should be ready quite soon.

See e.g..,

https://csrc.nist.gov/projects/post-quantum-cryptography
 
  • Like
Likes .Scott
  • #15
Rive said:
Ps.: what are 'internet secrets', actually? Does somebody expected to publicly distribute encoded sensitive information, or what? Feels really a weird, non-sense thing.
I am using the term "internet secrets" to refer to "private" information transmitted over the internet.
For example, a message may refer to information that the SEC considers "insider information" and both the sender and receiver are under a legal obligation to keep to themselves. Since the privacy of that type of information usually expires when it is divulged in a public corporate report - for example, an annual report to the stockholders - the 15-year estimate suggests that, for those internet users, there is no urgency.

In contrast, if you are exchanging political information with a relative in North Korea, you should be concerned that your encrypted messages might be intercepted and stored. Then some decades in the future, those messages will be decrypted using the future technology and those relatives identified.
 

FAQ: Internet Secrets estimated to survive for 15 years

How can Internet Secrets be estimated to survive for 15 years?

Internet Secrets can be estimated to survive for 15 years by implementing strong encryption methods, regular security updates, and proper data backup strategies. By staying ahead of potential security threats and continuously adapting to new technologies, Internet Secrets can remain secure and accessible for an extended period of time.

What measures can be taken to ensure the longevity of Internet Secrets?

To ensure the longevity of Internet Secrets, organizations can invest in robust cybersecurity measures, conduct regular security audits, and train employees on best practices for handling sensitive information. Additionally, implementing multi-factor authentication, restricting access to critical data, and monitoring network activity can help protect Internet Secrets from unauthorized access or data breaches.

How important is it to safeguard Internet Secrets for an extended period of time?

Safeguarding Internet Secrets for an extended period of time is crucial for maintaining the confidentiality, integrity, and availability of sensitive information. Failure to protect Internet Secrets can lead to financial losses, reputational damage, and legal consequences. By prioritizing cybersecurity measures and investing in secure technologies, organizations can safeguard their Internet Secrets for the long term.

What role does data encryption play in preserving Internet Secrets for 15 years?

Data encryption plays a critical role in preserving Internet Secrets for 15 years by converting sensitive information into a secure format that can only be accessed with the proper decryption key. By encrypting data at rest and in transit, organizations can protect Internet Secrets from unauthorized access or interception. Implementing strong encryption algorithms and key management practices can help ensure the long-term security of Internet Secrets.

How can organizations adapt to changing technologies while preserving Internet Secrets for 15 years?

Organizations can adapt to changing technologies while preserving Internet Secrets for 15 years by implementing scalable and flexible security solutions that can evolve with the rapidly changing threat landscape. By staying informed about emerging cybersecurity trends, investing in ongoing training for IT staff, and regularly updating security protocols, organizations can effectively protect their Internet Secrets while embracing new technologies and innovations.

Similar threads

Back
Top