It’s worth a discussion. Is Randall Munroe, writer of xkcd.com correct? Is there an unreasonable investment in cryptography and information security? My take: Since the ‘drug him and hit him with a wrench’ probably violates several very enforceable laws, the attacker is taking a pretty big risk going down that path. Whereas if the attacker was just trying to expose flaws or use massively parallel processing to crack a key, that may violate some laws on paper (ahem) which are harder to enforce–and an attacker would be pretty dumb to let slip that they were up to something like that. What are your thoughts?