If you have anything that claims that AES is different enough to warrant this extra optimism, I would love to have a look.
Yes, seriously. In fact to be clear (since you edited your time down to a mere 30 years) I fully expect something encrypted with 256-bit full AES today to remain inaccessible for all of foreseeable human existence [1]. I mean, it's hard to even really know where to begin here because it's not clear you've so much as looked at a wikipedia page on this before, and really don't grasp how non-linear improvements have been. DES is your cited milestone, but the primary weakness of it was simply that it had a 56-bit key. That's a mere 72 thousand trillion. A 256-bit key isn't "~4.6 times as hard" though, it's "the number atoms in the entire galaxy times as hard". 2^256 is around the lower bound of the estimated number of atoms in the entire universe. A 512-bit key is something like "an entire universe of atoms for every single atom in the universe". These are non-intuitively big numbers.
The algebraic framework of AES is pretty straight forward, and decades better knowledge went into it. But mainly it's that non-linear advances in computing meant that by the end of the 90s tech had caught up with and surpassed what was needed for the kind of keys necessary to make brute force utterly impossible with margin to spare, by anything within the known laws of physics. There have been academic attacks which mildly reduce full AES below brute force, but they simply don't matter at all in practice. 2^254 is better than 2^256, but still impossible. I already cited quantum computers, there we have the math to show that if a fully scalable general purpose one could ever be made it'd allow a quadratic speedup. And against a 128-bit it'd drop it to less than 2^64 and that'd be fairly trivial. But everything modern moved over to 256-bit keys ages ago (FileVault 2 for example was 9 years ago and it was not remotely the first) and it'd be relatively trivial to double keys again at this point if anyone was really concerned.
Side channel attacks are a real issue too for many purposes. But FDE is an exception, since it exclusively is for defending data at rest. That simply nullifies an entire range of tricky implementation issues for this threat model.
Again seriously: you can't just do linear historical extrapolation without at least knowing a bit of why those things went that way and what the foundations are. It's like you being surprised I'd expect algebra or calculus to remain relevant "for the next 3 decades".
>I'd have a hard time finding anyone even remotely claiming that.
Would you now? Here, let me help by starting you off with this guy named Bruce Schneier [2]:
>There is a significant difference between an academic break of a cipher and a break that will allow someone to read encrypted traffic. (Imagine an attack against Rijndael that requires 2^100 steps. That is an academic break of the cipher, even though it is a completely useless result to anyone trying to read encrypted traffic.) I believe that within the next five years someone will discover an academic attack against Rijndael. I do not believe that anyone will ever discover an attack that will allow someone to read Rijndael traffic. So while I have serious academic reservations about Rijndael, I do not have any engineering reservations about Rijndael.
If my expectation is wrong, well at least I can't be ashamed of the company I'd be in.
----
1: Maybe it's possible to brute force 128-bits if we convert the entire solar system into a Matrioshka brain or something like that, I haven't crunched the math. But that's far enough out into transcendent territory that I don't think it's relevant to any data in existence today.
2: https://web.archive.org/web/20090201005720/http://www.schnei...
EDIT TO YOUR EDIT:
>If you have anything that claims that AES is different enough to warrant this extra optimism, I would love to have a look.
Literally any intro to this topic at all that you'd find as in the first few results of going to your search engine of choice and typing "advanced encryption standard". This isn't some niche weird thing. You going "well DES was made obsolete by advances in computing power in the 90s which means AES will be too in a few decades" is the weird thing.
EDIT 2:
Also at some point here we're going to get HN rate limited on replies, discussion on HN isn't intended to support very long chains. I don't know if we'll be able to say anything else, so I'd just leave with really encouraging you to skim through a few intro to modern cryptography pieces, and/or look at the math itself. It's interesting stuff and obviously under girds much of the modern world. In fact the entire history of cryptography leading to this point is really fascinating, what kind of secret message systems people used over millennia and how developing mathematics and computers have fundamentally systematized and changed the nature of it.
