- #1
- 14,788
- 9,125
- TL;DR Summary
- Quantum Computing promises to break codes much faster than current means hence all secure transactions on the internet are in jeopardy
if you are talking about QC that can break RSA then I would agree. However, if you are talking about QC that can "do something useful" we are probably talking about much less time than that. IBM is saying that their latest processor("Eagle") might be able to solve small "real world" problems, but that will of course depend on how well it actually works once it is fully up and running.WWGD said:Still, AFAIK, an actual realization of a quantum computer is decades away.
I think you are severely under-valuating how many things require strong encryption these days. I personally like my bank account unstolen, my online accounts (this includes medical, etc) unhighjacked, my computers/smartphones unhacked, etc.jack action said:Furthermore, what is it with this need for all these unbreakable encryptions for our daily business?
jack action said:I never understood that type of fear. If a more powerful computer exists, isn't it available to anyone? And if it can solve problems faster, shouldn't it be able to create harder problems to solve? The computer I own now can solve problems that would've been considered impossible to solve (in a reasonable time frame) decades ago.
As has already been mentioned a LOT of information that would just a few years ago would only have existed on paper (or on e.g. minicomputers not connected to internet) is now being encrypted and transferred over the internet. It is very, very hard to prevent someone from recording that information (and if you are talking about state actors probably impossible) and the only way to prevent someone from reading it is the encryption.jack action said:Furthermore, what is it with this need for all these unbreakable encryptions for our daily business? People used to (and still do) send readable messages, only protected by a paper envelope, sealed with cheap glue, going through at least a dozen pairs of hands, sitting pretty in mailboxes outside our homes. Bank statements, checks, actual credit cards, medical info, nobody expected more privacy than that and the world still went on. Same thing with phone conversations. Not that long ago, people could still share phone lines with total strangers: Just pick up the phone and you could listen to their conversations!
And today it is apparently the worst thing that could happen to you.
That's an interesting thought. I wonder how much unbroken cryptographic text has been archived.Jarvis323 said:I think the main interesting thing would be that many old communications that were intercepted and archived would be now readable. So we could potentially learn a lot about historical events.
Exactly, it only existed on paper. And even when, say, an insurance company asked your doctor for your medical record (which was probably stored in an unlocked file cabinet behind the receptionist desk), the information was just put in an envelope and sent through the mail without any encryption whatsoever. Anyone intercepting the package could copy the information without anyone else ever knowing about it. Or the letter could just be "lost in the mail". And if someone learned that the information was intercepted, nobody would have sued either party implicated for being irresponsible or negligent. Trust seemed to be very important at that time.f95toli said:As has already been mentioned a LOT of information that would just a few years ago would only have existed on paper (or on e.g. minicomputers not connected to internet) is now being encrypted and transferred over the internet. It is very, very hard to prevent someone from recording that information (and if you are talking about state actors probably impossible) and the only way to prevent someone from reading it is the encryption.
There was a report of a bankrupt hospital in Phoenix, that failed to pay rent on the warehouse where it stored patient records. That left the landlord free to do whatever he wanted with the records.jack action said:Or the letter could just be "lost in the mail".
https://www.lawfareblog.com/cyberlaw-podcast-how-much-quantum-tech-boom-just-welfare-physicists
That’s the question [Stewart Baker] had after reading Law and Policy for the Quantum Age, by Chris Hoofnagle and Simson Garfinkel. It’s a gracefully written and deeply informative look at the commercial and policy prospects of quantum computing and several other (often more promising) quantum technologies, including sensing, communications, and networking. And it left me with the question that heads this post. So, I invited Chris Hoofnagle to an interview and came away thinking the answer is “close to half – and for sure all the quantum projects grounded in fear and envy of the presumed capabilities of the National Security Agency of the United States.”
Almost everything.jack action said:What has changed now?
I enjoy cracking the encryption and reading old documents for a historian. The documents were written between 1914 and 1950, so the authors are no longer here to complain.Jarvis323 said:I think the main interesting thing would be that many old communications that were intercepted and archived would be now readable. So we could potentially learn a lot about historical events.
That's what the NSA wants you to think...WWGD said:Still, AFAIK, an actual realization of a quantum computer is decades away.
Unfortunately the electronic world is much more accessible to many more bad actors, and they actively exploit that fact. I can log into my bank account and mail a check to anyone. If someone steals my password or enough PII to reset it, they can mail a check to anyone they want.jack action said:I never understood that type of fear. If a more powerful computer exists, isn't it available to anyone? And if it can solve problems faster, shouldn't it be able to create harder problems to solve? The computer I own now can solve problems that would've been considered impossible to solve (in a reasonable time frame) decades ago.
Furthermore, what is it with this need for all these unbreakable encryptions for our daily business? People used to (and still do) send readable messages, only protected by a paper envelope, sealed with cheap glue, going through at least a dozen pairs of hands, sitting pretty in mailboxes outside our homes. Bank statements, checks, actual credit cards, medical info, nobody expected more privacy than that and the world still went on. Same thing with phone conversations. Not that long ago, people could still share phone lines with total strangers: Just pick up the phone and you could listen to their conversations!
And today it is apparently the worst thing that could happen to you.
I'm pretty sure rsa, dsa, and ecc are not quantum proof, sha based algorithms too. Essentially all of suite b.Jarvis323 said:Modern state of the art cryptographic methods are already considered quantum computer proof. And quantum computers that can crack RSA aren't going to be in stores overnight once they've been engineered. It will only be outdated systems that would be vulnerable. So I think that the risk is kind of over-hyped, like a Y2K kind of thing. Outdated systems are already full of security holes that give hackers easy access anyways.
I think the main interesting thing would be that many old communications that were intercepted and archived would be now readable. So we could potentially learn a lot about historical events.
For no good reason, I feel this has a connection to the continuum hypothesis. And I also think, for no good reason, it will ultimately be shown that p /= np.edmund cavendish said:Or, can a quantum computer solve p vs np?
jack action said:Anyone intercepting the package could copy the information without anyone else ever knowing about it. Or the letter could just be "lost in the mail". And if someone learned that the information was intercepted, nobody would have sued either party implicated for being irresponsible or negligent. Trust seemed to be very important at that time.
What has changed now?
But this brings us back to what initiated my comment: Yes, it is easier for the thief to steal because he has better tools, but I also have access to the same tools and I can as easily make it harder for him to steal me.Algr said:What has changed is the number of envelopes someone could reasonably open before being caught. For paper mail, it could be as low as ten. Such a thief would not be likely to intercept much useful information before being detected. And they would need to be in physical proximity to people who care about the security of mail.
By comparison, a hacker getting into a mail server could scan hundreds of thousands of e-mails, and automate a search for credit card numbers, SS numbers or whatever. And such a hacker might be half a world away from their victim, with a complex, untraceable trail.
Well said. That's often forgotten. I would be curious to hear if adoption of multi-factor-authorization in recent years has cut back on crime. I think MFA is one of those defensive advances.jack action said:The point is when the power to do great things escalates on one side, it automatically escalates on the other side as well. When QC that can break RSA will exist, QC that can create harder encryptions to break will also exist. And it will still be wasteful for most of us to use super-duper encryptions to simply wish happy birthday to someone.
I still don't use this (identifying the device) because I'm still not convinced of the advantages compared to using a well-chosen password (i.e. truly randomly generated) and a password manager (on my device, not online).anorlunda said:I would be curious to hear if adoption of multi-factor-authorization in recent years has cut back on crime.
As far as I am aware this is not correct. I am not familiar with any QC algorithm that can be used for encryption.jack action said:The point is when the power to do great things escalates on one side, it automatically escalates on the other side as well. When QC that can break RSA will exist, QC that can create harder encryptions to break will also exist. And it will still be wasteful for most of us to use super-duper encryptions to simply wish happy birthday to someone.
You don't think that more powerful computers will be able to create problems that will be hard to solve for that same computer? (I know I said encryption, but it may be some other method still unknown because there is no need - or no mean - for it.)f95toli said:As far as I am aware this is not correct. I am not familiar with any QC algorithm that can be used for encryption.
I've been operating under the opposite assumption. The brute force "try every password" attack was completely solved decades ago. (Just disallow more than one attempt per second.). All these giant untypeable unmemorizable O0Il| sensitive passwords are just bad security experts passive aggressively punishing users, and finding ways to blame users for bad product design. Two factor security at least makes some kind of sense.jack action said:I still don't use this (identifying the device) because I'm still not convinced of the advantages compared to using a well-chosen password (i.e. truly randomly generated) and a password manager (on my device, not online).
Quantum computers are NOT "more powerful computers". For most problems they are -and always will be- slower than conventional computers. There is only a small set of problems where quantum computers are potentially faster than conventional computers. However, it turns out that some of these problems are very important (some problems in quantum chemistry, materials science, a range of optimisation problems and of course factorisation) but for most problems a QC wouldn't give you any speedup (meaning in practice it would probably be much, much slower than a conventional computer).jack action said:You don't think that more powerful computers will be able to create problems that will be hard to solve for that same computer? (I know I said encryption, but it may be some other method still unknown because there is no need - or no mean - for it.)
Yes, I have for years thought those big passwords are silly. You have to record them somewhere, and that record is then a security risk.Algr said:The brute force "try every password" attack was completely solved decades ago. (Just disallow more than one attempt per second.). All these giant untypeable unmemorizable O0Il| sensitive passwords are just bad security experts passive aggressively punishing users, and finding ways to blame users for bad product design.
"Computers are useless. They can only give you answers."" -- Pablo Picassojack action said:You don't think that more powerful computers will be able to create problems that will be hard to solve for that same computer? (I know I said encryption, but it may be some other method still unknown because there is no need - or no mean - for it.)
It's more difficult to steal a million physical credit cards, than the electronic details of a million cards from one computer hack.jack action said:What has changed now?
Without getting caught and being able to use this information? Are you sure about that? Why aren't there more people doing it then?PeroK said:It's more difficult to steal a million physical credit cards, than the electronic details of a million cards from one computer hack.
Lots of people are! This literally happens on on a daily basis. Of course it is not always credit card information; usually it is just stolen password files that are then decrypted and the information used to access peoples e-mail and social media accounts (because people tend to re-use usernames and passwords). This is how many targeted phishing attacks are done.jack action said:Without getting caught and being able to use this information? Are you sure about that? Why aren't there more people doing it then?