"Assuming the hypothetical NSA breakthroughs don't totally break public-cryptography -- and that's a very reasonable assumption -- it's pretty easy to stay a few steps ahead of the NSA by using ever-longer keys. We're already trying to phase out 1024-bit RSA keys in favor of 2048-bit keys. Perhaps we need to jump even further ahead and consider 3072-bit keys. And maybe we should be even more paranoid about elliptic curves and use key lengths above 500 bits."
There is some speculation that the NSA could potentially have quantum computers in which case RSA(and basically everything) is just fucked. Hopefully that's not the case (but hey, what your shadow budget is more than the rest of the world spends on crytopgrahy research combined then who knows, right?)
from Schneier's post: https://www.schneier.com/blog/archives/2013/09/the_nsas_cryp...
There is some speculation that the NSA could potentially have quantum computers in which case RSA(and basically everything) is just fucked. Hopefully that's not the case (but hey, what your shadow budget is more than the rest of the world spends on crytopgrahy research combined then who knows, right?)