A Working, Quantum-Encrypted Intranet
192939495969798999 writes "This article points out how BBN, developers of ARPANET, have actually created a quantum-encrypted intranet that serves pages to a small group of research scientists. I firmly believe this is as significant as the very first internet transmission some years back. If the technology is working and 100% secure, how long until it makes its way at least into government websites? This might be the end of the hacked by Chinese index pages!"
Reader Kent adds "A New York based company, MagiQ
Technologies, has begun selling units for
commercial use while a group in Europe recently made the first quantum encrypted
bank transaction in Vienna, Austria - April 2004. But the Boston network -
though limited to three locations - is believed to be the first Internet-integrated
system
that runs
continuously
between multiple distant locations."
Just because a computer uses encryption, doesn't mean that it is unhackable.
If the technology is working and 100% secure, how long until it makes its way at least into government websites? This might be the end of the hacked by Chinese index pages!"
Just because the network and all of the transmissions are encrypted, doesn't mean the server is secure. Having IIS running HTTPS exclusively doesn't mean you don't have to patch it.
How will this stop worms or web-sites getting 'hacked'? It isn't even designed to! It is designed to stop sniffing or the modification of data while it is on the pipe. I think the poster needs get a clue.
Actually, you have literally no idea of how a quantum encrypted network works. What's interesting about the quantum encrypted network is not whether it keeps password cracking from L33T hackers, but how it makes sniffing along the connection either impossible, or impossible without being noticeable, depending on the implementation.
This might be the end of the hacked by Chinese index pages!
Uh, no. Quantum communication is not magic. (OK, maybe, but not that kind of magic.) What it is, is perfectly secure against physical eavesdropping. An attacker can't "tap the wire", as it were. The name "quantum encryption" is something of a misnomer, though: this technology is just a communication channel, albeit an uber-cool one.
They know that. Of course, you're going to have to explain it to a client one day and realize that when the client hears "it's not 100% secure," they will start looking for something that is. When some PR guy comes along and claims it's 100% secure, we snicker and the PR guy wins the project and gets a Porsche.
I've spent a lot of time educating clients regarding the "nature of things" as you described. However, when the client isn't at that level of interest/ability to understand/etc., I simply say "SSL is the same level of encryption that banks and credit card companies rely on . Your data will be safe." Sometimes I also use the "it would take sixty million years or so to brute force the encryption. I doubt you'll be worried about your 2004 data in sixty million years."
Does anyone know what changes are needed to the current fibre infrastructure to support quantum encryption? can you hook two boxes up at either end of a random cable? what about repeaters, etc, interfering with the signal?
Well, yes, but it's like exception handling vs. error codes: using exceptions doesn't get rid of the error handling problem, but at least they ensure that things can't fail silently. Presumably the two parties do not want to use the line at all if it has been tapped. Better a DOS than a leak of confidential information.
I have a question regarding this. It sounds like quantum encryption requires a direct optical connection between the sender and receiver. Is it theoretically possible make it "routable?" That is to say, would it be usable in the post office type model the internet uses, where packets have to be inspected (and, thus presumably destroying the message in a quantum transmission) to determine where they're going, or would a completely new model need to be developed?