Forgot your password?
typodupeerror
Encryption Science

Quantum Cryptography Is Safe Again 34

Posted by Soulskill
from the umpires-in-agreement-after-further-review dept.
sciencehabit writes "In theory, so-called quantum cryptography provides a totally secure way of sending information. In practice, maybe not. But now physicists have demonstrated how to close a technological loophole that could have left secrets open to eavesdroppers. '[I]n 2010, an international team of researchers showed that [an attacker] could hack the system by exploiting a weakness in the so-called avalanche photodiodes (APDs) used to detect the individual photons. The problem is that APDs react differently to intense pulses of light than they do to single photons, so that the energy of the pulse must exceed a threshold to register a hit. As a result, all [the attacker] has to do is intercept the single photons, make her best-guess measurements of their polarizations, and send her answers off to Bob as new, brighter pulses. ... Last year, physicist Hoi-Kwong Lo at the University of Toronto and colleagues claimed to find a way around the problem. In the new protocol, Alice and Bob would begin the creation of a quantum key by sending randomly polarized signals to Charlie, a third party. Charlie would measure the signals to determine not their actual polarization, but only whether the polarizations were at right angles. ... Now, in papers in press at Physical Review Letters, two independent groups of physicists have shown that the new protocol works.'"
This discussion has been archived. No new comments can be posted.

Quantum Cryptography Is Safe Again

Comments Filter:
  • by Smidge204 (605297) on Friday August 30, 2013 @04:35PM (#44720357) Journal

    Quantum Cryptogaphy exists in a superposition of simultaneously being secure and not-secure.

    (Eh, somebody was gonna...)
    =Smidge=

    • Quantum Cryptogaphy exists in a superposition of simultaneously being secure and not-secure.

      (Eh, somebody was gonna...)
      =Smidge=

      But now that we know that, does it actually exist?

    • Perfectly secure when nobody is looking at it, not so good when its being analyzed

  • by Anonymous Coward

    So in order to achieve the ultimate in secure two-party communications, we need a third party?

    Ok, Ok, I'll go read the rest of the article.

  • by themushroom (197365) on Friday August 30, 2013 @05:04PM (#44720539) Homepage

    Yes, you can reason that quantum cryptography is going to protect this and that thing that isn't at the consumer level. Good on it. But you're still going to have people typing "password" as their password at their bank or "Jeremy85", the boy in the photo on their desk and his year of birth, in sensitive work email.

    • by InfiniteLoopCounter (1355173) on Friday August 30, 2013 @05:19PM (#44720647)

      No, no. Banks have secure passwords of at least 12 characters, with mix of upper and lower case, symbols, and numbers, and completely hidden from view on a sticky note on the back of the keyboard.

      • No, no. Banks have secure passwords of at least 12 characters, with mix of upper and lower case, symbols, and numbers, and completely hidden from view on a sticky note on the back of the keyboard.

        My favorite password policy prevented you from using any letter in your username, and only 3 letters from your real name. Or something like that. Plus everything you said. It made it nearly impossible to remember the password. If I didn't have LastPass I would have had to write it down.

        At least the University didn't follow up with the rest of the policy. Can't reuse the last ten passwords, and have to change the password relatively frequently.

        See here [cd-net.net] for my rant about it. NOTE: Just realized the ser

      • The most important question when addressing "is it secure" is "what is the threat".

        If your primary threat is automated brute-force-bots trying to crack your password, it is better that you have a 12-character alpha-numeric / symbolic password written next to your keyboard, than to use a weak password: it addresses your primary threat while introducing a new, lesser threat (burglary / home intrusion causing password disclosure). Of course it would be better still to do neither.

        "Jeremy85", the boy in the photo on their desk and his year of birth

        If it is not a matter of publ

      • Mine is a 24 letter memorable phrase with a single number inside it as well. Nobody on Earth can decrypt that and it's written down nowhere. My old bank didn't allow 24 letter passwords (so I assume 16 bit encryption? lol) so I dumped them.
        • by ultranova (717540)

          Mine is a 24 letter memorable phrase with a single number inside it as well. Nobody on Earth can decrypt that and it's written down nowhere.

          But useful details about it are written down right here on Slashdot. How many combinations of words add up to 24 or 23 letters, with or without spaces? A lot less than add up to a random amount.

          This is the biggest threat to security: people like to brag about how smart they are, and as they do they give up information. Joe Hacker can follow you and learn more and more

    • Things really get ugly when the school calls to say Jeremy spoke in class.

    • by manu0601 (2221348)
      Actually, "Jeremy was born in 1985" is a rather good password. Add a typo and it is even better: "Jeremi was born in 1985"
      • Isn't that gonna stay in your mussle memory or something and make you make the same typo every time you write jeremy?
        And If you happen to have told any body about your dirty little secret(You just did), whenever you make a typo in public you lose a word from your passwords.

        • by manu0601 (2221348)

          There can be many possible typos. How could you be sure a typo I make in public is part of a password?

          As of a dirty little secret, I just told you that dictionary attacks will not be enough to crack my passwords. Not a big deal.

        • by Anonymous Coward

          "Isn't that gonna stay in your mussle memory..."

          Better to be shellfish and clam-up than to carp about your passwords to every sole out there.

          (ow.)

    • by Hentes (2461350)

      And that's their loss. As long as I have a method of secure communication, what do I care when idiots get haxed?

  • Is quantum entanglement the only physical resource that allows for such strong encryption?

    I.e. does exploiting thermodynamic properties already suffice [wavewatching.net] as claimed in the Kish cypher [scholarpedia.org]?

    • by JoshuaZ (1134087)

      Is quantum entanglement the only physical resource that allows for such strong encryption?

      The original quantum crypto protocol BB84 http://en.wikipedia.org/wiki/BB84 [wikipedia.org] does not require entanglement, and is secure if one is still sending single photons at a time.

  • Cryptography safe? Ha ha ha ha!!!
  • Quantum modulation (and no, it is not "encryption") cannot be routed. The Internet only became possible when global routing rules were introduced. In fact, the Internet can well be described as the "IP routing domain". Its properties mean that quantum modulation will never scale and always only be good for site-to-site links. But these can be protected better, cheaper and more securely in other ways. For example, for site-to-site links, one-time-pads become practical. Quantum modulation is so terribly slow,

The more cordial the buyer's secretary, the greater the odds that the competition already has the order.

Working...