[nl]

> Then you have stuff like BIP39 protecting people's money (cryptocurrency) that can be cracked for $350/hr on GPU rigs

This doesn't appear to be true (in the sense that yes it is feasible to crack 4-word BIP pass phrases, but all wallets that I'm aware of use at least 6 words, which is estimated to take 11 years for a hypothetical ASIC cracker)

https://coldbit.com/can-bip-39-passphrase-be-cracked/

Perhaps you are meaning this attack where someone was able to brute-force 4 words from a 12 words phrase. It matches your $350 cost, but of course is dramatically different to "cracking BIP39": https://medium.com/@johncantrell97/how-i-checked-over-1-tril...

[pffft8888]

2048 words in 6 positions is simply not enough entropy for the NSA's encryption cracking infrastructure. If it is worth it they'll crack it. The NSA does not use a single ASIC cracker.

[nl]

That's an extremely different proposition. Pretty sure the NSA isn't into stealing bitcoins.

[pffft8888]

That's 66 bits of entropy. With a quantum computer having 66 logical (error corrected) qubits, the pass phrase can be cracked in under a day.

That's not too far off, maybe a few years before one is commercially available.