[bhouston]

Will breaking classic computer public key encryption reveal any secrets that were encoded prior to them being obsolete?

Should we be recording encrypted streams and saving them for a few years until we can break them? Is there any value in that?

[sroussey]

What do you think the NSA is doing?

The public blockchains make all this more feasible since they have the community keep the data around in original state for them!

So much cheaper than recording SSL/TLS traffic, for example.

Also that is why they would find it important to exfiltrate the data from a company (or government) before it can be re-encrypted with something better.

[tialaramex]

Yes, if this ever works and is affordable.

Suppose our adversaries have a machine which can do Shor's algorithm at the scale needed to break modern public keys for say $1M and an hour, and they have been recording encrypted sessions.

For sessions encrypted using RSA key exchange, it is enough for them to spend $1M and wait one hour and then they can decrypt everything that they've recorded, using one particular key. So e.g. a typical HTTPS site only has one key for months or even years, if they've recorded the encrypted data they can read all of it for $1M.

Where Forward Secrecy (e.g. ECDHE) was used, the cost is $1M (and an hour) for each session, because the keys change each time so each fresh session needs the expensive algorithm.