In the indictment that led to the expulsion of ten Russian spies from the U.S. in the summer of 2010, the FBI said that it gained access to their communications after surreptitiously entering one of the spies' homes, during which agents found a piece of paper with a 27-character password.

In other words, the FBI found it more productive to burglarize a house than to crack a 216-bit code, despite having the computational resources of the U.S. government behind it.

That's because modern cryptography, when used correctly, is rock solid. Cracking an encrypted message can require time frames that dwarf the age of the universe.

That's the case today. But within the foreseeable future, cracking those same codes could become trivial, thanks to quantum computing.

The encryption landscape

"The entire commercial world runs off the assumption that encryption is rock solid and is not breakable" says Joe Moorcones, vice president at SafeNet Inc., an information security firm in Belcamp, Md.

There are two kinds of encryption algorithms used in enterprise-level communications security -- symmetric and asymmetric (also called public-key encryption), he explains. Symmetric algorithms are typically used to send the actual information, where asymmetric algorithms are used to send both the information and the keys.

Symmetric encryption requires that the sender and receiver both employ the same algorithm and the same encryption key. Decryption is simply the reverse of the encryption process -- hence the "symmetric" name.

The scale of the problem Today's encryption algorithms can be broken. Their security derives from the wildly impractical lengths of time it can take to do so. Let's say you're using a 128-bit AES cipher. The number of possible keys with 128 bits is 2 raised to the power of 128, or 3.4x10^38, or 340 undecillion. Assuming no information on the nature of the key (such as that the owner likes to use his or her children's birthdays) a code-breaking attempt would require the testing of each possible key until one is found that works. Assuming that enough computing power was amassed to test 1 trillion keys per second, testing all possible keys would take 10.79 quintillion years. This is about 785 million times the age of the visible universe (13.75 billion years.) On the other hand, you might get lucky in the first 10 minutes. Using quantum technology with the same throughput, exhausting the possibilities of a 128-bit AES key would take about six months. However, moving to 256 bits would give the system a level of security equivalent to 128 bits with a conventional computer. Cracking an RSA or EC cipher with a quantum machine would be essentially immediate.

There are numerous symmetric algorithms available, but Moorcones says that, at the enterprise level, nearly everyone uses the Advanced Encryption Standard (AES), published in 2001 by the National Institute of Standards and Technology after five years of testing. It replaced the Data Encryption Standard (DES), which debuted in 1976 and uses a 56-bit key.

Typically using keys that are either 128 or 256 bits long, AES has never been broken, while DES can now be broken in a matter of hours, Moorcones says. AES is approved for sensitive U.S. government information that is not classified, he adds.

As for classified information, the algorithms used to protect it are, of course, themselves classified. "They're more of the same -- they put in more bells and whistles to make them harder to crack," says Charles Kolodgy, analyst at IDC, a market research firm in Framingham, Mass. And they use multiple algorithms, he says.

Though rumors have long swirled around the idea, well-respected sources universally reject the idea that AES has a "back door" that allows the government to read messages encrypted with it. "It's been too heavily scrutinized," says Paul Kocher, head of Cryptography Research Inc., in San Francisco. "They would have to put in a back door that no one else could see, and to be able to do that they would have to be years ahead of everyone else, and that is unlikely."