A lot of people recommended to store data in Google, Microsoft or Amazon cloud services. When you asked them about privacy, they just replied by encrypting it and it is ok. I am sorry, but it is not ok, not ok at all. Do you really think a file encrypted with nowadays technology could resisted in 5 years, 10 years or 20 years to the technology improvement?
I think it’s reasonable to assume that e.g. AES won’t be broken in 10 years. (and IIRC quantum attacks are against public key crypto, not symmetric.)
An actual concern with the cloud services would be trusting them to do server side encryption. Don’t :) This is a feature for compliance, when stuff “must be encrypted” but you don’t care about not trusting the service.
I read multiple papers who said it is very secure to use AES-256 for encryption and we are far, if I trust them to break AES-256. However, who could really know about that except except scientist or government agency?
However, for me, when the task is not easy, mistakes could appears and expert needs just one weakness to break you in. It is not easy to encrypt something with the highest security parameter and using the best practice. You also need to have a correct management of the key which could be compromised.
For example:
encrypt it with low security parameter (small key size, not the best encryption algorithm chose)
vulnerability or back door in the software which implement it
during the key generation, entropy wasn’t big enough
I think it’s reasonable to assume that e.g. AES won’t be broken in 10 years. (and IIRC quantum attacks are against public key crypto, not symmetric.)
An actual concern with the cloud services would be trusting them to do server side encryption. Don’t :) This is a feature for compliance, when stuff “must be encrypted” but you don’t care about not trusting the service.
I read multiple papers who said it is very secure to use AES-256 for encryption and we are far, if I trust them to break AES-256. However, who could really know about that except except scientist or government agency?
However, for me, when the task is not easy, mistakes could appears and expert needs just one weakness to break you in. It is not easy to encrypt something with the highest security parameter and using the best practice. You also need to have a correct management of the key which could be compromised.
For example:
And with time: