[extropy-chat] Encryption revolution

Eugen Leitl eugen at leitl.org
Tue Dec 9 14:33:27 UTC 2003


On Sun, Dec 07, 2003 at 09:15:14PM -0500, Brian Alexander Lee wrote:
> I think you're right. The real reason there's so much funding for quantum
> encryption is because whomever gets it first will have "unbreakable"

Do you trust the laws of physics (these you know, that is, and you do know
that we know our current physics is inconsistent, and hence knowably
incomplete?) or those of mathematics?

Cryptanalysis is a mature, understood discipline. There are several
independent-fields-of-theory production-quality PKI systems.

Not many people understand QM, even fewer people understand the limitations
of hardware using QM (single-photon source? proof of entanglement? detection
of cloning?).

http://www.interhack.net/people/cmcurtin/snake-oil-faq.html

> encryption for a while. It's like nuclear weapons were, you don't want to be
> the one without it.

The only provably secure cryptosystem is the one-time pad, generated
using a good source of entropy and properly whitened. The second best one
is a good (hairy territory, this) PRNG seeded by a shared secret. PKI
is where you're stuck with no shared secret, and only open channels.
 
> Public key encryption is pretty strong and easy to use, but it has a few

Please refrain from using blanket statements about a domain you obviously
don't understand. "pretty strong" is meaningless without an attack model,
"easy to use" is ridiculous, unless you refer to peer-reviewed
implementations of PKIs, which have an empirical track record of being
insecure. People who thought PKI was easy to write kept producing buggy
shitware. Because they thought it "easy to use".

They're not the weak link in the majority of cases, agreed.

> flaws that theoretically a really big gov't computer could use to break it.
> A lot of encryption systems that use public key really use it to generate a
> 120-160bit session key and exchange it with their partner. Although there

All PKI systems are used for symmetric encryption key exchange. In fact, most
PKI has considerable weaknesses if it's being used for something other than
that.

> are no documented cracks of 120 bit encryption through brute force, it's
> theoretically possible.

The key size is useless without knowing the algorithm complexity. No, it is not possible
to brute-force a symmetric crypto key within its viability window. It is
perfectly possible (though impractical) to use key sizes which cannot
be brute-forced, period. This includes QC, because not all algorithms
can profit from QC parallelism; never mind that you can't scale to
high qubit numbers (barring error-correction, the problem is energy
efficiency being worse than classical computation).
 
> Harvey pointed out a lot of common vulnerabilities, but most of them can be
> avoided by using proper techniques to avoid timing, social engineering, etc.
> 
> The big benefit of this is that it allows for a secure key transmission
> technique. Proper use of certificates should prevent a man in the middle
> exploit.

You cannot detect a MITM with PKI alone. The QM is there as an (imperfect)
tampering detection.
 
> Nonetheless, crypttech is growing by leaps and bounds as corporations now
> need encryption where previously just terrorists and govt's needed it.

Please do not assume reading Slashdot is sufficient to understand
cryptography (No, reading cryptography@ over years is not sufficient, 
either, or just reading <http://www.cacr.math.uwaterloo.ca/hac/> ,
but it's a first start if you want to understand the basics
of cryptography).

-- Eugen* Leitl <a href="http://leitl.org">leitl</a>
______________________________________________________________
ICBM: 48.07078, 11.61144            http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
http://moleculardevices.org         http://nanomachines.net
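Added example (Python, not code from the e-mail or its author) illustrating the one-time pad point in the reply above: pad material drawn from the OS entropy source, a von Neumann whitening step for a biased bit source, the perfect-secrecy property that makes the pad "provably secure", and the pad-reuse failure mode that the "one-time" condition exists to prevent. All sample plaintexts and the biased bit stream are constructed here; the function names are this example's own.

```python
"""One-time pad demo: perfect secrecy, a whitening step, and the pad-reuse
failure mode. Added example, not code from the e-mail or its author."""
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("inputs must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def generate_pad(length: int) -> bytes:
    """Pad material from the OS entropy source (secrets wraps os.urandom).
    The pad must be at least as long as the message and used exactly once."""
    return secrets.token_bytes(length)


def otp_encrypt(plaintext: bytes, pad: bytes) -> bytes:
    """Ciphertext = plaintext XOR pad. Decryption is the same operation."""
    if len(pad) < len(plaintext):
        raise ValueError("pad shorter than message: never stretch or reuse a pad")
    return xor_bytes(plaintext, pad[: len(plaintext)])


otp_decrypt = otp_encrypt  # XOR is its own inverse


def pad_explaining(ciphertext: bytes, candidate_plaintext: bytes) -> bytes:
    """Perfect secrecy made concrete: for ANY candidate plaintext of the right
    length there is a pad that maps it to this ciphertext, so the ciphertext
    alone carries no information about which plaintext was actually sent."""
    return xor_bytes(ciphertext, candidate_plaintext)


def pad_reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """The failure mode to check for: two messages under the same pad.
    c1 XOR c2 == p1 XOR p2, the pad cancels and plaintext structure leaks.
    This is what 'one-time' means, and no entropy quality repairs it."""
    return xor_bytes(c1, c2)


def von_neumann_whiten(bits):
    """Simple whitening for a biased but independent bit source: read bits in
    pairs, emit 0 for (0,1), 1 for (1,0), discard (0,0) and (1,1).
    Output is unbiased only if input bits are independent; correlated sources
    need a stronger extractor (e.g. hashing a large input block)."""
    out = []
    for i in range(0, len(bits) - 1, 2):
        a, b = bits[i], bits[i + 1]
        if a != b:
            out.append(a)  # (1,0) -> 1, (0,1) -> 0
    return out


def demo():
    """Round trip, perfect-secrecy property and reuse leak on constructed inputs."""
    p1 = b"pad reuse"  # constructed sample plaintexts, equal length
    p2 = b"is unsafe"
    pad = generate_pad(len(p1))
    c1 = otp_encrypt(p1, pad)
    assert otp_decrypt(c1, pad) == p1

    # Any other plaintext is equally consistent with c1 under some pad.
    decoy = b"all fine."
    assert otp_encrypt(decoy, pad_explaining(c1, decoy)) == c1

    # Reusing the pad leaks p1 XOR p2 regardless of how good the pad was.
    c2 = otp_encrypt(p2, pad)
    assert pad_reuse_leak(c1, c2) == xor_bytes(p1, p2)

    # Constructed biased bit stream (mostly zeros) -> whitened output [0, 1, 0].
    biased = [0, 1, 1, 0, 0, 0, 1, 1, 0, 1, 0, 0]
    return von_neumann_whiten(biased)


if __name__ == "__main__":
    print(demo())
```

The `pad_explaining` function is the whole argument for "provably secure" in two lines: since every same-length plaintext has a pad that produces the observed ciphertext, no amount of computation distinguishes them. The `pad_reuse_leak` function is why that proof collapses the moment a pad is used twice, which in practice is the check a reviewer should make on any "one-time pad" product.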