Quantum Cryptography Is Safe Again 34
sciencehabit writes "In theory, so-called quantum cryptography provides a totally secure way of sending information. In practice, maybe not. But now physicists have demonstrated how to close a technological loophole that could have left secrets open to eavesdroppers. '[I]n 2010, an international team of researchers showed that [an attacker] could hack the system by exploiting a weakness in the so-called avalanche photodiodes (APDs) used to detect the individual photons. The problem is that APDs react differently to intense pulses of light than they do to single photons, so that the energy of the pulse must exceed a threshold to register a hit. As a result, all [the attacker] has to do is intercept the single photons, make her best-guess measurements of their polarizations, and send her answers off to Bob as new, brighter pulses. ... Last year, physicist Hoi-Kwong Lo at the University of Toronto and colleagues claimed to find a way around the problem. In the new protocol, Alice and Bob would begin the creation of a quantum key by sending randomly polarized signals to Charlie, a third party. Charlie would measure the signals to determine not their actual polarization, but only whether the polarizations were at right angles. ... Now, in papers in press at Physical Review Letters, two independent groups of physicists have shown that the new protocol works.'"
Re: so-called summary (Score:2, Interesting)
Wake me up in 10 years when they're only 5-10 years away from bringing this to market.
Re: (Score:3)
You can already buy commercial quantum encryption devices. That was the point of the hacking to begin with. Only caveat: The existing tech is point to point protocol. That's why this was such big news earlier this year [wavewatching.net].
Re: (Score:2)
The relays in that networking protocol are decrypt-and-encrypt, so it enables even more (undetectable) eavesdropping.
Quantum key distribution has a strange security model where it is assumed that someone inside the network cannot run two instances of the protocol and give the two parties in a communication the illusion of talking directly to each other, when they in fact talk each to the attacker. In other words, it is assumed that there is confidentiality without authentication. All kinds of strange things
Re: (Score:2)
Schrödinger protocol (Score:5, Funny)
Quantum Cryptogaphy exists in a superposition of simultaneously being secure and not-secure.
(Eh, somebody was gonna...)
=Smidge=
Re: (Score:1)
Quantum Cryptogaphy exists in a superposition of simultaneously being secure and not-secure.
(Eh, somebody was gonna...)
=Smidge=
But now that we know that, does it actually exist?
Re: (Score:3)
Perfectly secure when nobody is looking at it, not so good when its being analyzed
Third party? (Score:1)
So in order to achieve the ultimate in secure two-party communications, we need a third party?
Ok, Ok, I'll go read the rest of the article.
I love news without a use (Score:4, Insightful)
Yes, you can reason that quantum cryptography is going to protect this and that thing that isn't at the consumer level. Good on it. But you're still going to have people typing "password" as their password at their bank or "Jeremy85", the boy in the photo on their desk and his year of birth, in sensitive work email.
Re:I love news without a use (Score:5, Funny)
No, no. Banks have secure passwords of at least 12 characters, with mix of upper and lower case, symbols, and numbers, and completely hidden from view on a sticky note on the back of the keyboard.
Re: (Score:2)
No, no. Banks have secure passwords of at least 12 characters, with mix of upper and lower case, symbols, and numbers, and completely hidden from view on a sticky note on the back of the keyboard.
My favorite password policy prevented you from using any letter in your username, and only 3 letters from your real name. Or something like that. Plus everything you said. It made it nearly impossible to remember the password. If I didn't have LastPass I would have had to write it down.
At least the University didn't follow up with the rest of the policy. Can't reuse the last ten passwords, and have to change the password relatively frequently.
See here [cd-net.net] for my rant about it. NOTE: Just realized the ser
Re: (Score:2)
The most important question when addressing "is it secure" is "what is the threat".
If your primary threat is automated brute-force-bots trying to crack your password, it is better that you have a 12-character alpha-numeric / symbolic password written next to your keyboard, than to use a weak password: it addresses your primary threat while introducing a new, lesser threat (burglary / home intrusion causing password disclosure). Of course it would be better still to do neither.
"Jeremy85", the boy in the photo on their desk and his year of birth
If it is not a matter of publ
Re: (Score:2)
Re: (Score:2)
But useful details about it are written down right here on Slashdot. How many combinations of words add up to 24 or 23 letters, with or without spaces? A lot less than add up to a random amount.
This is the biggest threat to security: people like to brag about how smart they are, and as they do they give up information. Joe Hacker can follow you and learn more and more
Re: (Score:2)
Things really get ugly when the school calls to say Jeremy spoke in class.
Re: (Score:3)
Re: (Score:1)
Isn't that gonna stay in your mussle memory or something and make you make the same typo every time you write jeremy?
And If you happen to have told any body about your dirty little secret(You just did), whenever you make a typo in public you lose a word from your passwords.
Re: (Score:2)
There can be many possible typos. How could you be sure a typo I make in public is part of a password?
As of a dirty little secret, I just told you that dictionary attacks will not be enough to crack my passwords. Not a big deal.
Re: (Score:1)
"Isn't that gonna stay in your mussle memory..."
Better to be shellfish and clam-up than to carp about your passwords to every sole out there.
(ow.)
Re: (Score:2)
And that's their loss. As long as I have a method of secure communication, what do I care when idiots get haxed?
Another open question receives far less attention (Score:2)
Is quantum entanglement the only physical resource that allows for such strong encryption?
I.e. does exploiting thermodynamic properties already suffice [wavewatching.net] as claimed in the Kish cypher [scholarpedia.org]?
Re: (Score:2)
Is quantum entanglement the only physical resource that allows for such strong encryption?
The original quantum crypto protocol BB84 http://en.wikipedia.org/wiki/BB84 [wikipedia.org] does not require entanglement, and is secure if one is still sending single photons at a time.
Re: (Score:2)
That quantum encryption system that we weren't using, weren't evaluating, and weren't even capable of implementing, has been saved!
The development of quantum crypto is happening and there's a lot of work on it. Moreover, the claim that we aren't capable of implementing is false. There are even commercial implementations. See http://en.wikipedia.org/wiki/Quantum_key_distribution#Commercial [wikipedia.org] for a list. Computer networks using secure quantum crypto have also been made (scroll just a bit further in that Wikipedia article).
Cryptography safe? Ha ha ha ha!!! (Score:1)
Still an irrelevant stunt (Score:2)
Quantum modulation (and no, it is not "encryption") cannot be routed. The Internet only became possible when global routing rules were introduced. In fact, the Internet can well be described as the "IP routing domain". Its properties mean that quantum modulation will never scale and always only be good for site-to-site links. But these can be protected better, cheaper and more securely in other ways. For example, for site-to-site links, one-time-pads become practical. Quantum modulation is so terribly slow,