The best quote for this is from Bruce Schneier:

"... brute-force attacks against 256-bit keys will be infeasible until computers are built from something other than matter and occupy something other than space."

https://security.stackexchange.com/a/82412

> The magnitude of 2^256 is close to the count of atoms in the entire observable universe.

I've always heard that even 2¹²⁸ is significantly larger than that number (which is closer to 2⁸⁰). This page seems to support that:

https://en.wikipedia.org/wiki/Observable_universe#Matter_con...

Look more carefully, the estimation according to Wikipedia is 10^80, which is roughly 2^266.

(BTW, when converting 10^x to 2^x, times 3 is what I use for very rough back of the envelope estimations. Times 10/3 is actually almost precise, as log2(10) = 3.32…)

Ah, so it's just me being stupid, as usual. Thanks, at least now I know.

> log2(10) = 3.32

or, to put it in simpler terms,

10^3 = 1000 ≈ 1024 = 2^10

Nope, the rough approximation of atoms in the universe is O(10^80). Big difference!

Quickly checking with Python...

2^265 < 10^80 > 2^266

So it's only 0.1% of the number of atoms in the universe?

“Only”.

It's a large number but not close to the count of atom:

https://www.wolframalpha.com/input/?i=2%5E256 > ≈ 0.0012 × the number of atoms in the visible universe (≈ 10^80)

This reminds me of a discussion a few years ago where someone was extremely adamant that you'd have to handle the chance of a key collision in a random 256-bit key for the system to be secure :)

I might agree with them because your random process could be weaker than you think without having any indication until you hit the colision.

Anything past detection and panicking might be overkill tho.