On 09/06/2013 06:13 AM, Jaap-Henk Hoepman wrote:

In this oped in the Guardian

http://www.theguardian.com/world/2013/sep/05/nsa-how-to-remain-secure-surveillance
Bruce Schneier writes: "Prefer symmetric cryptography over public-key
cryptography." The only reason I can think of is that for public key crypto you
typically use an American (and thus subverted) CA to get the recipient's public key.
What other reasons could there be for this advice?

I think we can no longer rule out the possibility that some attacker
somewhere (it's easy to point a finger at the NSA but it could be
just as likely pointed at GCHQ or the IDF or Interpol) may have
secretly developed a functional quantum computer with a qbus wide
enough to handle key sizes in actual use.
And IIRC, pretty much every asymmetric ciphersuite (including all public-
key crypto) is vulnerable to some transformation of Shor's algorithm that
is in fact practical to implement on such a machine.
Bear
