Slashdot Mirror


Schneier Calls Quantum Cryptography Impressive But Pointless

KindMind writes "Bruce Schneier writes in Wired that quantum cryptography, while an awesome technology, is actually pointless (that is, of no commercial value). His point is that the science of cryptography is not the weak point, but the other links in the chain (like people, etc.) are where it breaks down."

10 of 233 comments

  1. sure... by Lord Ender · · Score: 4, Insightful

    ...but as soon as I release my algorithm which factors the products of large prime numbers in log(n) time, they will be begging for quantum crypto.

    --
    A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
    1. Re:sure... by cowscows · · Score: 4, Insightful

      Yeah, but in any commercially useful application of the technology, you're going to have computers at each end dealing with the data once it's decrypted.

      That's Schneier's whole point really. The weak link isn't actually sending encrypted data, it's dealing with the data at either end of the chain. For the data to be useful, it has to be decrypted at some point in time, and the listener's computer has to know how to do the decryption. An attacker isn't going to attack the encrypted data stream. They're going to attack either the source or the listener, and either get the stored decrypted data, or get the stored encrypted data and the necessary info to decrypt it.

      If your total communications network consists only of an encrypted communications line, plus a computer on each end, and both of those computers have no other connection to any other sort of network, and also have foolproof physical security, then maybe the encryption line might become the weakest point. But in the real world, computers are generally interconnected with many others, allowing lots of directions to attack from.

      Unless someone comes up with some amazing breakthrough that makes factoring very large numbers trivial, there aren't really any practical cases where the encrypted data stream is the likely target of an attack.

      --

      One time I threw a brick at a duck.

    2. Re:sure... by h4rm0ny · · Score: 4, Insightful


      Taking care of the human and physical security is my business. It's the encryption technology that I can't control / verify. So give me encryption that I can trust and I'll be able to assess my security based on the things that I can control / verify myself. Schneier has no business telling me "your set up is flawed so there's no point in giving you secure encryption." It's for me to judge and all I want is to ensure that no weak links come in from outside my control, i.e. a flawed algorithm or technology.

      --

      Aide-toi, le Ciel t'aidera - Jeanne D'Arc.
    3. Re:sure... by stony3k · · Score: 4, Insightful

      What he's actually telling you is that the existing encryption is good enough. You really need to spend more time fixing the human problems since that's where most of the attacks come from.
      He's basically telling us that we've reached or are close to the point of diminishing returns, where advances in cryptology (newer algorithms or quantum crypto) can no longer be justified based on the increase in cost for these advances versus the % of attacks on existing crypto.

      --
      Freedom is not worth having if it does not include the freedom to make mistakes. - Mahatma Gandhi
  2. While I appreciate the spirit of the article... by hajihill · · Score: 4, Insightful

    It has been and still is true that adept social engineering can break any security scheme, due to the vulnerability of the people involved. However, saying that it is pointless is about as valid as saying that the exploration of outer-space is pointless.

    I don't think I need to explain that any further to this crowd.

    --
    Of blankness, I know nothing.
    1. Re:While I appreciate the spirit of the article... by db32 · · Score: 4, Insightful

      It is pointless. He is absolutely right and it isn't even remotely close to the space exploration issue. He didn't say the research was pointless, he said the practical application of the research is pointless. The crypto isn't the weak point, so making that point stronger is pointless.

      You just spent a million dollars on your uber leet super crypto secure link to transmit your highly classified secret data to your home office. You also wrote the key down on a sticky note on the front of the device and left it posted on your monitor that faces a window. You might as well have used the cheapest encryption available because it isn't a math attack that is going to break it, it's stupid user tricks.

      --
      The only change I can believe in is what I find in my couch cushions.
  3. Re:Hard to argue with the general point. by Rogerborg · · Score: 4, Insightful

    Yes, I was thinking of putting a lock on my front door, but then I thought "Fuggit, I'll just forget to lock it sooner or later, so why waste the money?"

    --
    If you were blocking sigs, you wouldn't have to read this.
  4. Re:Hard to argue with the general point. by gnick · · Score: 4, Insightful

    I think your analogy is a little bit off. You've got a front door with a standard lock, a dead-bolt, two chains, and a huge rock sitting behind it for security. Now you're faced with a decision whether or not to upgrade your dead-bolt to a super-duper-heavy-duty-dead-bolt. But, since your wife leaves the garage door wide open 4 days a week and no amount of persuasion will convince her to stop, the decision not to upgrade seems like a no-brainer.

    --
    He's getting rather old, but he's a good mouse.
  5. Re:Hard to argue with the general point. by Tanktalus · · Score: 4, Insightful

    Which is worse: a password that you can remember, or changing passwords every 30/60/90 days to a new password such that you can never keep up, and thus need to write it down *somewhere*?

    Sometimes, the very processes intended to make us more secure (by forcing a password change regularly) instead make the entire system less secure (because "I forgot my password" too many times and you'll end up out of a job, so better to write it down than to lose your job!).

    Sorry, just griping about new policies at $work.

  6. Who is they? by Chuck Chunder · · Score: 4, Insightful

    Quantum encryption seems to fill a very particular niche (point to point communications) and doesn't seem to apply well to common encryption use cases (SSL, email encryption, etc.).

    If public key encryption is broken, quantum encryption isn't going to be a good replacement for it for most things.

    --
    Boffoonery - downloadable Comedy Benefit for Bletchley Park