[tor-dev] Discussion on the crypto migration plan of the identity keys of Hidden Services

[adrelanos]

David Vorick:
> Why are so many bits necessary? Isn't 128bits technically safe against
> brute force? At 256 bits you are pretty much safe from any volume of
> computational power that one could fathom within this century. The only
> real danger is a new computational model that is nondeterministic or
> something crazy like that. I feel like what exists currently (from a
> quantity of bits standpoint) is more than sufficient.

Sometimes clever people find ways to reduce the strength of an algorithm
from X bit to X minus Y bit. Maybe its not necessary right now, maybe it
is. It it irrelevant.

Just look how long people use Tor with weak cryptography. How long it
takes to update that stuff. Therefore I am happy if strongest crypto is
implemented at least as options are added while developers are at it.
Who knows when the over next update comes.

Bonus points: it makes many more paranoid/less educated on the
topic/etc. people happy; less discussions about it; fewer conspiracy
theories.

Kidding: we don't know how much computing power extraterrestrials have;
we don't know if anyone already secretly uses a quantum computer.