How do computer criminals get caught?

Of course there’s a good reason not to use a long key. If you have a key that long, then it needs to be stored in software somewhere. The cops lift the key off of the disk where you’re storing it, and then they can read the data as easily as you can.

The alternative is to use a key which is short enough for a human to memorize, and to enter it every time you want to access the data. But a memorizable key is a crackable key. Of course, you don’t just try every possible sequence of characters in order. First, you try dictionary words and sequences specific to the person, then you try the same with standard typographic substitutions and variations of capitalization, etc. Only when all of your standard guesses fail do you start in on the “random” passwords. And while it might take a bit of work to set up 50 (or a hundred or a thousand) computers to search passwords, you can bet that there are a number of law enforcement agencies which already have a farm of computers for that express purpose, already set up and waiting.

Well, I assume we’re talking about, you know, actual computer criminals. If you are NOT a computer criminal, then actual innocence will protect you assuming you aren’t being framed by the cops.

My point was that, sure, brute force decryption of PGP is impossible without some wacky quantum computing tricks. And I’m not qualified to say whether those quantum computing tricks would work even in theory. So it is reasonable to say that if you encrypt your files using modern methods those files are safe from mathematical cracking, even by the NSA, even if they took decades.

However, there are plenty of other ways that the cops can get evidence from you. Like, guessing your password because you picked your dog’s name for your password. Yes, people are that stupid. Or you wrote it down. Or you didn’t understand how your encryption software works so you didn’t do it right. Or you encrypted most of your files, but there are a few you forgot about and left unencrypted. Or you were sent those files in the clear and they were intercepted before you had a chance to encrypt them. Or your password was stolen via a keystroke logger. Or the cops sit you down in a room and scare you into signing a confession. Or they trick you into giving them your key. Or they get your brother to testify against you. Or you downloaded a copy of the encryption software but never actually bothered to use it…too much trouble.

Yes, if you are knowledgeable about cryptography and actually use cryptography correctly and you live alone and are fanatical about cleaning up evidence then the cops are going to have a very very difficult time getting enough evidence to convict you of your crimes. My point is that most people aren’t that smart, they’ll make a mistake and leave behind evidence. And thus my contention that the main protection computer criminals have is never coming under investigation in the first place.
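The guessing order described earlier in the thread (dictionary words and person-specific terms, then substitutions and capitalization variants, then "random" search) can be turned into a password audit. This is an added example, not code from any poster; the wordlist is a constructed sample, and `guess_stage`, `random_search_bits` and `personal_terms` are hypothetical names.

```python
import math
import string

# Constructed sample wordlist; a real audit would load a large dictionary.
COMMON_WORDS = {"password", "dragon", "monkey", "letmein", "sunshine"}

# Common typographic substitutions, mapped back to the letters they replace.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})
SUFFIX = string.digits + string.punctuation


def guess_stage(candidate, personal_terms=()):
    """Name the stage of the guessing order that would reach the candidate."""
    if candidate in COMMON_WORDS or candidate in personal_terms:
        return "dictionary-or-personal"
    words = COMMON_WORDS | {t.lower() for t in personal_terms}
    lowered = candidate.lower()
    # Undo substitutions both with and without a trailing digit/symbol suffix,
    # so a word that ends in a substituted character is still recognised.
    forms = {lowered.translate(LEET), lowered.rstrip(SUFFIX).translate(LEET)}
    if forms & words:
        return "substitution-or-capitalization-variant"
    return "random-search"


def random_search_bits(candidate):
    """Upper bound on the search space, in bits, if the candidate were random."""
    pool = 0
    for chars in (string.ascii_lowercase, string.ascii_uppercase,
                  string.digits, string.punctuation):
        if any(c in chars for c in candidate):
            pool += len(chars)
    return len(candidate) * math.log2(pool) if pool else 0.0


if __name__ == "__main__":
    # Constructed sample passwords; "Rex" stands in for a pet's name.
    for pw in ("password", "P@ssw0rd!", "Rex2015", "qv7#Lm2x@Tz9"):
        print(pw, guess_stage(pw, personal_terms=["Rex"]),
              round(random_search_bits(pw), 1))
```

The bit count only means something for passwords that reach the last stage; anything caught by the first two stages falls long before that search space matters.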