* Jerrold Leichter: > | Not quite correct, the first bank transfer occurred earlier this year, > | in a PR event arranged by the same group: > | > | <http://www.quantenkryptographie.at/rathaus_press.html> > | > | However, I still don't believe that quantum cryptography can buy you > | anything but research funding (and probably easier lawful intercept > | because end-to-end encryption is so much harder).
> Not to attack you personally - I've heard the same comments from many other > people - but this is a remarkably parochial attitude. I'm the last person to argue against basic research, but I'm really against presenting it as if had direct practical relevance. Basic research such receive government funding, but not based on the false claim that it can secure bank transfers. > Quantum crypto raises fundamental issues in physics. The interaction of > information and QM is complex and very poorly understood. No one really knows > what's possible. This is neat stuff, and really nice research. New results > are appearing at a rapid pace. I fully agree. Experimental quantum physics *is* important, but much more from a physics point of view than from a cryptography point of view. > Will this end up producing something new and useful? Who can say? Right now, > we're seeing the classic uses for a new technique or technology: Solving the > old problems in ways that are probably no better than the old solutions. My trouble with quantum key distribution is that at the current stage, the experiments are stunning, but it's snake oil from a cryptography perspective. Have you actually at some of the quantum key distribution papers? The ones I examined even lack such a simple thing as a threat model, and as a result, the authors completely miss man-in-the-middle attacks where the attacker splits the fiber into two pieces, runs two instances of the QKD protocol, and reencrypts the communication after key distribution. > Alternatively, how anyone can have absolute confidence in conventional crypto > in a week when a surprise attack appears against a widely-fielded primitive > like MD5 is beyond me. Is our certainty about AES's security really any > better today than was our certainty about RIPEM - or even SHA-0 - was three > weeks ago? If we postulate that man-in-the-middle attacks are non-existent, convential cryptography is suddenly much stronger, too. 8-) --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]