
As I understand it, there are two categories of cryptographic algorithms:

- ones which we're pretty sure would take longer than the heat death of the universe to crack

- ones that turned out not to be as strong as we'd thought

Currently your "100 year crypto mode" is "all the non-deprecated algorithms", to the very best of our current knowledge. But that might change at the next cryptography conference. That's why we make algorithms that would take longer than the heat death of the universe to crack - it's the intended lifetime (maybe ten years) multiplied by a safety factor of like a gazillion, because we're still not sure what we can rely on.




This isn't the case. Most of the hashing algorithms have "rounds". For example, SHA1 has 80 rounds. A single round could easily be reversed by you and me. Researchers figure out clever attacks that break a larger and larger number of rounds. For example, 63 rounds of SHA were broken in 2004. When all 80 rounds are broken, the hash algorithm has failed (happened in 2017).

However, if one is happy to trade a little performance for security, one could easily multiply the number of rounds by 10 or even 100.


SHA1 is definitely not in the category "will not break in 100 years given current knowledge".


But the design of SHA1 looks pretty similar to SHA256[1]... and BLAKE[2]... and many other unbroken hash functions.

They nearly all have the idea of doing a bunch of simple bit-mixing operations (for example, shuffle the bits and XOR) a lot of times so it becomes infeasible to reason about how to manipulate the input to get a given output.

[1]: https://upload.wikimedia.org/wikipedia/commons/thumb/7/7d/SH...

[2]: https://d3i71xaburhd42.cloudfront.net/cd2e43a515c8a65a58c87e...


The most recent and powerful collision attack on SHA1 is essentially a form of differential cryptanalysis, made feasible by SHA1's linear key schedule. SHA2 has a totally different key schedule that doesn't admit the same attack.

Blake2 looks like SHA2 in the sense that all cryptographic hash functions look kind of similar, but they're unrelated:

* the BLAKE hashes are derived from ChaCha20

* they're HAIFA hashes rather than Merkle-Damgard (you can sort of think of MD hashes as "previous generation" hashes, and anything after that as "current generation") --- MD hashes work sort of the way you'd think CBC-MAC works (just chaining and throwing out the results), and HAIFA keeps state between rounds.

* MD4, MD5, SHA1, and SHA2 are straight Davies-Meyer constructions --- the compression function (1) encrypts the chaining value (2) with the current message block as the key and (3) XORs the result against the chaining value --- and BLAKE isn't.

Aumasson has posted, I think a couple of times, a prediction that collisions in SHA2 simply won't ever be found; that's based on an assessment that there is essentially nothing on the horizon that threatens it. The reasons not to use SHA2 are performance (though: SHA2 has excellent perf on current hardware) and avoiding length extension attacks (i.e., forgetting to use HMAC instead of keyed hashes, which nobody does).
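The following is an added example, not code posted by any of the commenters: a small pure-Python SHA-1 with the round count exposed as a parameter (the "multiply the rounds by 10 or 100" idea from the comment about rounds above), a one-step inverter showing that a single round really is trivially reversible once the message word is known, and a length-extension forgery that works precisely because the Merkle-Damgard/Davies-Meyer structure just described lets anyone resume the chain from a published digest. At 80 rounds it is checked against hashlib; the behaviour past 80 rounds (cycling the four stage functions again) and the secret/message strings are our own assumptions for the demonstration.

```python
"""Added example: SHA-1 with a tunable round count, single-round inversion,
and a length-extension forgery against the Merkle-Damgard/Davies-Meyer
structure. Only the 80-round output is real SHA-1 (checked against hashlib)."""
import hashlib
import struct

MASK = 0xFFFFFFFF
IV = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0)


def rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK


def f_k(t):
    # Boolean function and constant for step t. Past t=79 we cycle the four
    # stages again: an assumption we make so "more rounds than SHA-1" runs.
    stage = (t // 20) % 4
    if stage == 0:
        return (lambda b, c, d: (b & c) | (~b & MASK & d)), 0x5A827999
    if stage == 1:
        return (lambda b, c, d: b ^ c ^ d), 0x6ED9EBA1
    if stage == 2:
        return (lambda b, c, d: (b & c) | (b & d) | (c & d)), 0x8F1BBCDC
    return (lambda b, c, d: b ^ c ^ d), 0xCA62C1D6


def schedule(block, rounds):
    # SHA-1's linear message schedule, extended as far as `rounds` needs.
    w = list(struct.unpack(">16I", block))
    for t in range(16, rounds):
        w.append(rotl(w[t - 3] ^ w[t - 8] ^ w[t - 14] ^ w[t - 16], 1))
    return w


def round_step(state, t, w_t):
    a, b, c, d, e = state
    f, k = f_k(t)
    return ((rotl(a, 5) + f(b, c, d) + e + k + w_t) & MASK, a, rotl(b, 30), c, d)


def invert_round_step(state, t, w_t):
    """One step is a bijection when w_t is known: four words just shift and
    the fifth is recovered by subtraction. Security comes only from iterating."""
    a, b, c, d, e = state
    f, k = f_k(t)
    a0, b0, c0, d0 = b, rotl(c, 2), d, e        # rotl by 2 undoes rotl by 30
    e0 = (a - rotl(a0, 5) - f(b0, c0, d0) - k - w_t) & MASK
    return (a0, b0, c0, d0, e0)


def compress(chain, block, rounds=80):
    """Davies-Meyer: 'encrypt' the chaining value under the message block as
    key, then feed the chaining value forward (addition mod 2^32 in SHA-1)."""
    w = schedule(block, rounds)
    state = chain
    for t in range(rounds):
        state = round_step(state, t, w[t])
    return tuple((s + h) & MASK for s, h in zip(state, chain))


def md_pad(total_len):
    # 0x80, zeros to 56 mod 64, then the bit length as a big-endian 64-bit int.
    return b"\x80" + b"\x00" * ((55 - total_len) % 64) + struct.pack(">Q", total_len * 8)


def sha1(msg, rounds=80, chain=IV, prior_len=0):
    """Merkle-Damgard iteration. chain/prior_len allow resuming from a known
    digest instead of the IV, which is all a length-extension attacker needs."""
    data = msg + md_pad(prior_len + len(msg))
    for i in range(0, len(data), 64):
        chain = compress(chain, data[i:i + 64], rounds)
    return struct.pack(">5I", *chain)


def matches_hashlib(msg):
    """Sanity check: at the real 80 rounds the toy agrees with hashlib."""
    return sha1(msg) == hashlib.sha1(msg).digest()


def length_extend(digest, orig_len, suffix):
    """From H(secret||m) and len(secret||m) alone, produce the glue bytes and
    H(secret||m||glue||suffix) without ever learning the secret."""
    glue = md_pad(orig_len)
    chain = struct.unpack(">5I", digest)
    return glue, sha1(suffix, chain=chain, prior_len=orig_len + len(glue))


def round_inversion_holds(block=bytes(range(64)), rounds=80):
    w = schedule(block, rounds)
    state = IV
    for t in range(rounds):
        nxt = round_step(state, t, w[t])
        if invert_round_step(nxt, t, w[t]) != state:
            return False
        state = nxt
    return True


def forgery_demo():
    secret = b"s3cr3t-key-0123"                # constructed; unknown to the attacker
    m = b"amount=10&to=alice"
    tag = sha1(secret + m)                      # naive keyed hash H(k||m)
    glue, forged = length_extend(tag, len(secret) + len(m), b"&to=mallory")
    real = hashlib.sha1(secret + m + glue + b"&to=mallory").digest()
    return forged == real


if __name__ == "__main__":
    print("80-round output matches hashlib:", matches_hashlib(b"abc"))
    print("single round inverts cleanly:", round_inversion_holds())
    print("length-extension forgery verifies:", forgery_demo())
    print("800-round digest of 'abc':", sha1(b"abc", rounds=800).hex())
```

The forgery needs nothing but the published tag and the length of the secret plus message (in practice guessed by trying a few key lengths). HMAC closes the hole because the outer hash wraps the inner digest, so the attacker never holds a chaining value they can resume from; that is the "use HMAC instead of keyed hashes" point in the comment above.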


Yeah, but in general this is basically impossible to predict: we could discover P=NP, or prove the Riemann Hypothesis, learn how to factor in O(log n), find a number theory method to solve discrete logs, or any number of math facts that would absolutely devastate asymmetric crypto. In general it is really hard to find strong cryptosystems, let alone prove that the problem is unsolvable.



