by StableAlkyne 973 days ago
Encryption gets broken eventually as we get more compute power, and the current algorithms could have problems we're not yet aware of. IPFS requires every node to agree to your delete request (if I'm understanding it correctly).

What's stopping someone from just vacuuming all the data they can until codebreaking catches up with encryption?

Is there a way to remove malicious content? For example, if someone uses this to store some malware's payload and you don't want your project being used for that, what happens?

That said, IPFS is cool, and this project is a neat application of it

5 comments

> Encryption gets broken eventually as we get more compute power

What, no. Encryption gets broken only because we find weaknesses, not because compute power increases.

You can never straight up brute force a full-strength 512-bit key. That's just a fact of the universe. If the scale of your attacker is less than "literally the whole universe since the beginning of time", 256 bits will suffice against any future human developments.

But even less capable encryption is fairly strong. I would find it unlikely* that a single 3DES-encrypted message (a standard from 1981 with 112 bit effective key length) will be brute-forced, even with novel cryptanalysis, in your lifetime.

Even quantum computers won't help substantially for the capability in breaking a symmetric-key algorithm. Maybe** that 3DES message from 1981 can be broken with them, but any modern settings will not be.

*Unlikely as in less likely than not. I would be surprised if this happens, but the example here is to indicate that even obsolete messages don't have any constructive breaks against them, not that all 3DES messages are secure

**This would be a huge win for quantum computers, beyond imagining for now. But even with this huge win, you can't make such headway for a 256-bit key.

I remember reading Schneier's Applied Cryptography, where he mentioned Landauer's principle [1] and things like the entire energy output of our sun over an appreciable amount of time. If you play with it, you end up realizing that a 50 character line noise password is absolutely insane overkill (assuming you didn't realize that from other, unrelated directions.)

Cryptography benefits from having a larger than practical keyspace due to what happens if the algorithm is weakened beyond brute force. But this happening isn't a given.

[1] https://en.wikipedia.org/wiki/Landauer%27s_principle
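
The Landauer-limit argument mentioned in the comment above, worked through as an added example (not part of the thread). It assumes an ideal classical machine that spends one Landauer-limit bit erasure per candidate key at the cosmic background temperature; the constants and function names are this example's own.

```python
import math

BOLTZMANN = 1.380649e-23          # J/K (exact SI value)
SOLAR_LUMINOSITY_W = 3.828e26     # IAU nominal solar luminosity
SECONDS_PER_YEAR = 365.25 * 86400
T_BACKGROUND_K = 2.725            # assumption: run the machine at CMB temperature
SUN_YEAR_JOULES = SOLAR_LUMINOSITY_W * SECONDS_PER_YEAR


def landauer_joules(temp_k=T_BACKGROUND_K):
    """Minimum energy to erase one bit at temperature temp_k (k*T*ln 2)."""
    return BOLTZMANN * temp_k * math.log(2)


def enumeration_joules(bits, temp_k=T_BACKGROUND_K):
    """Lower bound on energy to step through all 2**bits keys.

    Assumption: one bit erasure per key and nothing else (no cipher
    evaluation), so real hardware is many orders of magnitude above this.
    """
    return 2.0 ** bits * landauer_joules(temp_k)


def sun_years(bits, temp_k=T_BACKGROUND_K):
    """Years of the Sun's total output needed just to count to 2**bits."""
    return enumeration_joules(bits, temp_k) / SUN_YEAR_JOULES


def max_countable_bits(budget_joules, temp_k=T_BACKGROUND_K):
    """Largest key size whose keyspace can be counted within the budget."""
    return math.floor(math.log2(budget_joules / landauer_joules(temp_k)))


def report(key_sizes=(112, 128, 256, 512)):
    """Key sizes discussed in the thread, plus 128 for comparison."""
    rows = [(b, enumeration_joules(b), sun_years(b)) for b in key_sizes]
    for bits, joules, years in rows:
        print(f"{bits:>4} bits: {joules:9.2e} J = {years:9.2e} sun-years")
    return rows


if __name__ == "__main__":
    report()
    limit = max_countable_bits(SUN_YEAR_JOULES)
    print(f"One full year of solar output counts to about 2^{limit}")
```

The bound only starts to bite between 128 and 256 bits: at 112 bits the thermodynamic floor is tiny, so what protects an old 112-bit key is the practical cost of real hardware, not physics.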

> You can never straight up brute force a full-strength 512-bit key. That's just a fact of the universe.

If there is some number of bits n < 512 where brute forcing an n-bit key is not a "fact of the universe", does it stand that cracking 512 bit keys is also not a fact of the universe?

No? That's like saying "if my glass can fit a drop of water, then it can also fit an ocean". There is an upper bound to how much processing power there can be in the universe, and 512 bit keys need more than that to be cracked.

That's assuming classical computers though, right? What about future quantum computing developments?

I guess it depends on the algorithm they chose, HChaCha20 is the symmetric encryption algorithm for libsodium.js which is quantum resistant.

https://doc.libsodium.org/secret-key_cryptography/secretstre...

https://crypto.stackexchange.com/questions/79518/is-xchacha2...

Most if not all symmetric encryption is quantum resistant though (with a large enough key). Quantum computing only causes problems for asymmetric algorithms that involve factorisation iirc

The key words here are "brute force" -- there might be some [possibly quantum] techniques around it, but probabilities around guessing and checking an arbitrary number remain constant.

> What's stopping someone from just vacuuming all the data they can until codebreaking catches up with encryption?

The people who have the time and resources to do this are nation states. And if they're going to spend their resources on IPFS, they're also already doing this for intercepted HTTPS traffic because it would be wild not to. Imagine having the confidence to crack strong encryption and ignoring 99.9999% of web traffic so you could potentially spy on the handful of gigabytes of whatever is ending up on IPFS.

Even if codebreaking catches up to the point where it's tractable to start cracking the encryption on these files, the ability to tractably crack _all_ the files is probably many decades away. You can probably be confident that you'll be long dead. And you can almost certainly be confident that by the time any of the files (or HTTPS traffic, or whatever) get cracked, the statute of limitations has long passed on whatever nefarious thing you are worried might get seen.

Of course privacy from the prying eyes of the NSA (or your favorite codebreaking entity of choice) is obviously important, but it really begs the question: what is their incentive to do this? To get in on the furry porn you're uploading? To see your baby pictures? The kinds of secrets the NSA is looking for need to be worthwhile enough for the NSA to justify spending millions (billions? tens of billions?) of dollars building zettabyte-scale data centers and cracking them years and years after the fact instead of spending that money on something more immediately impactful. Quite frankly, those secrets aren't "someone from HN sharing their files over ipfs"-shaped.

You can make blocks private in ipfs so only authorised people can download them. Here's how we do this in peergos https://peergos.org/posts/bats

> Is there a way to remove malicious content? For example, if someone uses this to store some malware's payload and you don't want your project being used for that, what happens?

My job involves fighting malicious content on the internet. No, there's no way to remove malicious content from ipfs. It's especially annoying when the ipfs2http gateway takes the path using a GET parameter (instead of it being a part of a domain name) because it makes it unblockable on the DNS level.

I uh, don’t think you understand how encryption works…