It's a great underestimation. Breaking 3DES is not 3 times more complex than DES, but 2^56 times more complex. 26 x 2^56 = 1873497444986126336 hours. It's why we still trust 128-bit encryption when the total computing power of humanity already exceeded 2^80 operations per seconds.
It's frustrating that I has to refute the argument many times: "If 80-bit is insecure today, 128-bit will be insecure soon any cryptosystem can only guarantee a few decades of security because Moore's Law..." No, it's not how it works (although quantum computers will make 128-bit insecure, but the solution is already available today: 256-bit). The human brain is not wired to understand exponential growth.
>It's frustrating that I has to refute the argument many times: "If 80-bit is insecure today, 128-bit will be insecure soon any cryptosystem can only guarantee a few decades of security because Moore's Law..."
I believe you are doing the people you are talking about an injustice here, because assuming Moore's Law held, we would be doubling computing power every two years (well, transistors really).
Doubling... what comes to mind... Ah yes! Bits! Because with every bit you are doubling the number of keys, meaning that you could crack an 81 bit key today in the same it would have taken you to crack an 80 bit key two years ago. So that gives you 100 years, or about 10 decades, to go from 80 bit to 128 bits.
Or, in other words, Moore's law is also about exponential growth.
So if those people you quoted did indeed say "a few decades" they were right on.
> assuming Moore's Law held, we would be doubling computing power every two years
So the correct realisation here is that Moore's law (an observation by an engineer) doesn't trump laws of physics.
The transistors Moore was talking about have to be made from something. When they're made of a lump of material you can actually see under a microscope this feels both very real and as if it could be shrunk indefinitely. Just keep cutting that material in half!
But it can't. Matter is made of atoms. If you double the number of transistors you must halve the number of atoms in each transistor. Today's transistors have a few hundred atoms in them. Guess what happens when there's one atom in each transistor and you try to halve that? There's no such thing as "half" an atom, what you've got there isn't an atom any more, and so what you're making isn't a transistor.
The argument that we will never need larger symmetric encryption isn't based on ignorance of Moore's law, it's based on knowledge of the laws of physics. You can't make a 256-bit AES cracker by "just" converting the entire planet into Computronium, that's not enough compute power.
I don't agree that a century is "a few decades", my understanding of a "few decades" (and I believe, the person who was discussing this problem with me) is no more than 50 years. If you are clearly talking at the time scale of a century, I'll have no problem with this statement.
It's frustrating that I has to refute the argument many times: "If 80-bit is insecure today, 128-bit will be insecure soon any cryptosystem can only guarantee a few decades of security because Moore's Law..." No, it's not how it works (although quantum computers will make 128-bit insecure, but the solution is already available today: 256-bit). The human brain is not wired to understand exponential growth.