Diffie & Hellman are truly the heroes ahead of the time. 43 years ago, 1976, at the DES review, they had a entertaining debate with NSA employees.
Martin Hellman said,
* 56/64-bit symmetric crypto is insecure, and chosen to benefit NSA.
* 100-200 bits of security should be secure, but is still vulnerable to attacks by quantum computers.
(Glover & Shor's algo were not discovered until the late 90s! We now know 128-bit is pre-quantum secure, 256-bit is post-quantum secure, Martin was completely correct.)
@niconiconi
Transl:
We won't. And if we would, we still can't.
Yeah but you will when you can. And could you, in ten years?
(fast forward 40 years...)
We could and we did.