[justapassenger]

Cryptographic encryption is safe for as long as your crypto is secure.

For any company dealing with sensitive data, relaying on it to resell seems like a horrible idea. It’s not hard to imagine sufficiently motivated attacker (likely state sponsored) just buying up drives and waiting few years for when they can easily break the encryption.

[zokier]

> just buying up drives and waiting few years for when they can easily break the encryption.

"Few years" ... "easily" ... yeah, nope.

I'm pretty sure that even 15 year old luks/truecrypt/bitlocker setups are not "easy" to break today, and have very little reason to suspect that current day cryptosystems would be any more likely to get broken in "few years"

[justapassenger]

You do know that state sponsored actors are already archiving encrypted traffic that they were able to tap into, between nodes of interest for them, with the same purpose, of trying to decrypt it later?

"Easily" means very different thing if you talk about script kiddies vs state sponsored actors.

[zokier]

State sponsored actors are not magic. Basic crypto primitives and systems that have been already available for long time have proven to be robust against even the most well-resourced attackers. Everything we've seen so far indicates that generally attacks happen by running malware, exploiting opsec failures, or some such leaks/implementation faults, and not attacking cryptosystems directly.

Furthermore this scenario relevant for this thread, decrypting discarded hard drives, has very limited opportunities for complex attacks such as evil maids, cold boots, or other such more active methods.

Notably Snowden said following, and while no doubt some progress has been made since I believe the basic idea be still valid:

> “Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on. Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it.”