Thanks for the resources. Got back to procrastinate on HN and checked the resources (briefly looked at transcript on the video, but found this article more interesting).

I've always assumed that some amount of unencrypted HTTP traffic is going to be slurped into archives, but I've been too lazy to really check an example and how does that look like in the real world. That BADASS system is an example, focusing on phones. I've also run mitmproxy in my home to learn and then I've wondered if the big agencies have something like that but much more scaled and sophisticated.

I've recently got into studying security, deobfuscated code, or decompiling, tried to find vulnerabilities or bad security, in websites and programs. I've found some, although not anything worth writing home about. I found a replay attack in one VSCode extension that implemented its own encrypted protocol, but it is difficult to use it to do real damage. Found a bad integrity check library (hopelessly naive against canonicalization attack) used by another VSCode extension. I've found something weird in Anthropic's Claude website after you log in, but because their "responsible security policy" is so draconian, I don't want to bother trying to poke it to research it further in case I earn their wrath.

Biggest bummer I found that a video game (Don't Starve Together) I had played for a long time with friends does not have any encryption whatsoever for chat messages to this day. (People gonna say private things in video game chats). The other video game I play in multiplayer a lot, Minecraft, has encryption (a bit unusual encryption but it is encryption).

That article gave me a bit of validation that I'm not a nut for giving shits about encryption and security, and being annoyed at ungodly amount of analytics I see in mitmproxy my laptop is blabbering about.

That's assuming there's no attacks found in a given algorithm. If there is a feasible attack found, the math changes, sometimes dramatically. And we'll never know it because they sure as hell aren't gonna announce it.

Anyway, I'm not worried because governments don't need to crack encryption to do dastardly shit. They have far easier methods to get what they want.

You need to account for the heat of vaporization if you plan on boil away and refilling the oceans for your brute force scheme, so you overestimate how many times you will boil away the oceans by a factor of 6 or something.

For more calculations about the use of (computational) brute force: https://www.schneier.com/blog/archives/2009/09/the_doghouse_...

"... brute-force attacks against 256-bit keys will be infeasible until computers are built from something other than matter and occupy something other than space.

is there a hall of fame for HN comments somewhere because i nominate this one

This is an excellent comment, but I think it's worth pointing out some lacunae.

The most important one is that we're assuming that nobody finds a weakness in AES-256, so we have to brute-force it instead of taking some kind of shortcut. Historically speaking, that doesn't seem like a sure bet. (Some slight progress has been made on AES, but nothing practically useful yet: https://en.wikipedia.org/wiki/Advanced_Encryption_Standard#K...) Similar comments apply to factoring large semiprimes and ECDLP; algorithmic improvements could remove many orders of magnitude from these estimates.

Sometimes, even when weaknesses aren't known in the algorithms themselves, there are weaknesses in how they are applied. The Debian OpenSSL fiasco, which seems to have been accidental, may be the best-known example: all secret keys were generated with only 16 bits of entropy. Reusing IVs for OFB or CTR mode is also catastrophic.

A somewhat pedantic note is that you seem to be using two conflicting definitions of "boil the oceans" in different parts of your comment: to raise them to the boiling temperature while leaving them liquid, at first, and to convert them to vapor, later, since you talk about "refilling them". Converting them to vapor requires several times more energy than that. Also, you dropped an order of magnitude somewhere; raising the oceans to boiling requires 5.46 × 10²⁶ J, not 5... × 10²⁵ as you say. ("545 million exajoules" is correct.)

I used `cal_mean` from units(1) to do the calculation, which is based on the mean specific heat of water from 1° to 100°. I'm not sure that's correct for salt water, though, and in any case that's a minor error.

"about 10,000 times humanity's annual energy consumption" is wrong. 545 million exajoules is about a million years of humanity's energy consumption, which is only about 18 terawatts, excluding agriculture.

As gosub100 pointed out, on average you only have to try 2²⁵⁵ possible keys before finding the right one, not all 2²⁵⁶, but that's only a factor of 2.

10¹⁸ AES attempts per second does seem like a reasonable upper bound, but it's much faster than currently existing encryption hardware. 10¹⁸ Hz is the frequency of 0.3-nanometer X-rays with an energy of about 4000 electron volts. I feel like any computer hardware that is performing operations that fast probably cannot be made out of molecules or atoms. You might be able to build it on the surface of a neutron star or a black hole. Seth Lloyd's Nature paper from 02000 on the "ultimate laptop", "Ultimate physical limits to computation", explores some of the physical phenomena involved, and how fast they could possibly compute: https://faculty.pku.edu.cn/_resources/group1/M00/00/0D/cxv0B...

If we take 10¹⁸ Hz and 2²⁵⁶ cycles as given, it is true that one computer would need 10⁵⁹ seconds to finish the job (4×10⁵¹ years), which is indeed about 2.7 × 10⁴¹ times longer than the universe has existed so far (13.79 billion years). But it's worth pointing out that the universe's lifetime is not yet over; it is expected to continue existing much longer than that: https://en.wikipedia.org/wiki/Timeline_of_the_far_future lists various stages of its future evolution, including the end of star formation in 10¹²–10¹⁴ years, the last star burning out in 1.2 × 10¹⁴ years, 10³⁰ years until all the galaxies fall apart, 2×10³⁶–3×10⁴³ years until all protons and neutrons are gone (if protons decay), 10⁹¹ years until the Milky Way's black hole evaporates, and 10¹⁰⁶–2.1×10¹⁰⁹ years until the last black holes evaporate. If protons are stable, you could definitely build a computer that kept computing for the necessary 10⁵² years.

And (as you point out next!) you could use more than one computer. If you could somehow use 10⁵⁹ computers, you could finish the job in a second, rather than in untold eons. It depends on how many computers you can get!

"10 watts" is a somewhat handwavy estimate. Most of the computers around me, in things like my multimeter and my MicroSD card, use a lot less power than that, often a few milliwatts. (The fact that the MicroSD card doesn't have a monitor and keyboard is irrelevant to using it for AES cracking.) I'm currently working on a project called the Zorzpad, to build a self-sufficient portable personal computing environment on under a milliwatt, something that has become possible recently due to advancements in subthreshold digital logic.

But even a milliwatt may be an overestimate for AES cracking on classical hardware, because reversible logic may be able to drop power consumption by one or more additional orders of magnitude, and as far as we know, there's no lower limit (not even the ones Lloyd's article talks about apply). AES cracking is especially suited for reversible computing, which is why I used it as an example in this comment a week ago: https://news.ycombinator.com/item?id=43850835

It may be worth pointing out that 10⁶⁰ joules (which, despite the possible weaknesses above in its derivation, is certainly a plausible ballpark) is a large number not just measured against Earth, but measured against the Sun and indeed the energy output of the entire Milky Way galaxy.

It's even large compared to the available energy in the Milky Way. If you divide it by c² you get 1.2 × 10⁴³ kg. The Milky Way weighs 1.15 × 10¹² solar masses (https://en.wikipedia.org/wiki/Milky_Way) which turns out to be 2.29 × 10⁴² kg, which is 2.06 × 10⁵⁹ J. So even if you converted the entire galaxy into energy to power your AES crackers, you wouldn't get 10⁶⁰ J.

It's probably worth including AES performance numbers on currently available hardware. You'll still get galactic numbers demonstrating that AES-256 is not currently brute-forceable.

> you'd need to check 2^256 possible keys

it's very unlikely you'd have to check the entire keyspace before you found it. On average it would be about half.

[dead]

But knowing still gives you an advantage, even if you can't use it legally -- because you can still use it illegally.

LEO and Prosecutors will use "parallel construction" to construct a narrative about how information was obtained in a legal way even though it was clearly obtained illegally.

Or you could choose to only act on 5% (e.g.) of the information gleaned -- and that which could clearly be shown to be leaked by a third party.

Or say if you were tapping the information of a mob boss, you could leak the information to a competitor and let justice work it's way through the streets instead of the courts.

If Americans are not ideologically opposed to being spied upon by corporations, there is no disconnect here. Americans have strongly signaled, through politics and actions, that they do not give a fuck about their privacy or information security, and ask any voter and they'll repeat some bullshit about "I don't care" or "nothing to hide".

But Americans do not want to be spied upon by a literal adversarial government which sets up police stations in other countries.

I don't want to be spied upon by my country, but currently Republicans want to use the force of the federal government to police and punish wrongthink, and Obama was a true believer in the US spy state, so they didn't exactly try to remove it.

It's hard to get America to undo a policy that was sold as "Kill the terrorists in our country" when those same voters have, 20 years later, enthusiastically supported another round of "kill the brown and muslims because they are terrorists" and want to deport people for tweets.

> What would banning 1 single app do when all of them do the same shit?

That feels like a facetious question. You may as well also ask, "Why we bother arresting the worst murderers when there will still be other murderers?"

> bill doesn't cover all apps owned by a foreign adversary. It has to be specifically TikTok or any other eligible app

The law (not bill) requires an interagency process for identifying further targets. It starts with TikTok. It does so because of TikTok’s ownership. Not speech. I say this as someone who worked on and whipped for the bill.

I don't like the ban, or the fact that the "TikTok bill" ended up granting broad new powers to the executive branch. I just read it a bit differently with regards to free speech.

When it comes to limiting the audience we can engage with, that would require a ban on talking to specific people rather than on a specific platform. Anyone that I may have engaged with on TikTok can still be engaged with on other platforms.

The fact that many of the biggest social media platforms are based in the US and that we saw clear evidence of both the US government's and the plstforms' willingness to collude is a huge problem. To me that's a separate issue than the TikTok ban, though they are in the same arena I suppose.

> If the government goes out of its way to make it difficult to publicize certain opinions, it is widely considered to be an infringement on freedom of speech.

Banning a specific platform would only be making that difficult if there weren't other options. TikToj is one of many social media platforms, and given that industry's tendency to steal each others features and engagement models it isn't even particularly unique in what it offers.

All that said, I'm not a fan of almost any government involvement and would much rather them stay in their lane. I just see this one as an overreach problem rather that a violation of free speech.

Social media platforms rank content based on how profitable it is to them. There is no evidence to suggest otherwise. Maybe it would be unprofitable to resist censorship requests on behalf of US government, but the exact same pressure would be applied to TikTok.

TikTok isn’t the only non-US social media platform. Why wouldn’t it show up elsewhere?

This is the smoking gun of actual free speech violation rather than the US government banning a particular platform wholesale.

To be a first amendment violation this would technically have to involve the US government working to censor American's speech over Palestine. Functionally, though, this is a government censoring specific speech and feels very much like a free speech issue.

> we know is that the White House under Biden was pressuring FB and others to downrank anti-covid-vaccine content

Kind of quaint in 2025.