Jerrold Leichter <[EMAIL PROTECTED]> writes: > | Not quite correct, the first bank transfer occurred earlier this year, > | in a PR event arranged by the same group: > | > | <http://www.quantenkryptographie.at/rathaus_press.html> > | > | However, I still don't believe that quantum cryptography can buy you > | anything but research funding (and probably easier lawful intercept > | because end-to-end encryption is so much harder).
> Not to attack you personally - I've heard the same comments from many other > people - but this is a remarkably parochial attitude. > > Quantum crypto raises fundamental issues in physics. But we aren't physicists. We're security people. To us, this is an extremely expensive way of producing a system that is no more secure (and sometimes even less secure) than simply running, say, TLS. Indeed, since you still need a standard message integrity check mechanism like HMAC to assure end to end authentication (the mechanism does not block man in the middle attacks on its own at all), you are not in fact relying on QM for security! (If you are, you aren't secure!) Sure, it is intellectually neat, but people are selling this (literally -- there are commercial vendors out there now) as though it were a practical way of solving security problems, which it is not. They're spending lots amounts of money on what is essentially a worthless technique. Besides, this all gives the sense, which is completely incorrect, that weak cryptography is the source of insecurity in today's systems. It is not -- crypto is usually the armored steel door in the wall of paper. The weak points are architecture and implementation, and almost never the crypto. > Will this end up producing something new and useful? Who can say? > Right now, we're seeing the classic uses for a new technique or > technology: Solving the old problems in ways that are probably no > better than the old solutions. If the new technique or technology > is really good, it will solve *new* problems we haven't even thought > of yet. I disagree. This is no longer research. It is being sold by people. We also have a pretty strong idea of what this is capable of at this point, and the answer is "it is a very expensive way of setting up a one time pad except unlike a real one time pad, you can man-in-the-middle it." Repeating, this is not a set of experiments. There are a number of companies trying to commercialize this white elephant. I won't quite call it snake oil because it works as advertised, but at an amazing cost. >> The press will always focus on things people understand, and which seem to > have short-term relevance. If you're objecting to researchers blowing their > own horns ... It isn't research any more. There are companies trying to *sell this*. Perry --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
