No, dammit, he's not, and that article has nothing to do with anything we're talking about. That article is about how long it takes to (1) generate a shitload of passwords through a combination of brute-force and exploiting common human psychological quirks and (2) run them through a hashing algorithm. It has nothing at all to do with breaking encryption schemes--literally nothing at all--but if it did, the takeaway would be that "20-character random passwords are pretty damn secure, especially if somebody uses a hashing function that takes longer than MD5."
But that's all besides the point, and especially arguing about specific hashing functions is totally irrelevant to game set seventy years in the future or whatever we're talking about.
What is true is that evolutionary algorithms do not work on symmetric encryption schemes. They just don't. What makes it an encryption scheme is that evolutionary algorithms don't work on it.
One-time pads just are unbreakable. If you don't have the key, or other outside information, you can't get any information out of the message, with any amount of time or effort. A brute force attack will give you the true message, but will also give you every other possible message of the same length, and won't tell you which is which.
A symmetric encryption key becomes more like a one-time pad the closer the length of the key gets to the length of the message. If you have a 2048-bit key and only ever send one 2000-bit message with it you really are using a one-time pad, you just didn't call it that up front. If you sent 4096 bits of information with it ever, then you can squeeze a certain amount of information out, but just not that much.
In general, you can do better than brute-force trying every key, but not that much better--I think from an info-theory standpoint is provable that you can't do better than a linear speedup, but I could be wrong about that. But by any conceivable system, doubling the key size takes far, far less effort than cracking a key of doubled size. So anyone who actually cares about security will be able to make a key large enough to be impractical to crack. (In particular, in the scene where it takes 3 hours to crack a code or whatever--if you're actually cracking the encryption scheme, it would have been trivial to push that out to 3 months and then the scene doesn't happen). And in some hypothetical world where symmetric encryption actually doesn't work, everyone would just use OTPs anyway.
Now, this is all beside the point. First, because if you're designing a game like this you should design the game mechanics you want and then find a plausible way to explain it. And second, because even with a good symmetric encryption key, no one is actually typing in the 10,000-bit encryption key every time they want to check their fucking email. You don't crack the encryption key itself, you crack the system. And if you just say you're cracking the system rather than the encryption key, all the people bitching about how encryption is mathematically sound--who are correct about that--don't have anything left to bitch about, at least not sensibly, because that's not what you're doing any more. Systems will always have holes. There's no reason those holes have to be in the mathematically soundest and most secure part of the whole setup.