On Sat, Nov 11, 2017 at 6:22 PM, Chris Laprise <[email protected]> wrote:
>>> Would be simpler off the bat to limit discussion to asymmetric crypto,
>>> as that is the type thought to be vulnerable to qc. LUKS/dmcrypt and
>>> most other disk encryption uses symmetric crypto.
>>>
>>> I believe qvm-backup crypto is also symmetric (although IIRC it may have
>>> specific security issues that need to be addressed).

>> or is it because asymmetry is typically used more when sent over the
>> internet compared to symmetry which is more often used offline?

No.

> There are some articles/talks that explain the difference, but it's not due
> to entropy. It's because the public key provides too much info about the
> private key to a qc search algorithm. This was already the case with regular
> computer searches, at least with RSA which uses much larger keys than a
> symmetric cipher like AES to compensate for the issue.
>
> A figure I heard was that qc can cut search time for symmetric key merely in
> half, whereas it can cut time for asymmetric key by orders of magnitude.

It is more complex than that, but that is a usable first approximation for
many cases.

> Most Internet encryption is based on asymmetric ciphers. That's the main
> issue and Qubes is not special in any sense on this topic.

Symmetric encryption is much faster & is used for nearly all encryption of
large chunks or streams of data -- messages in PGP, connections in SSH or TLS
or IPsec, disk or file contents in other systems -- and in hash algorithms &
variants using them like the HMAC construction. These can provide one level of
authentication; if decryption succeeds then the recipient knows the sender had
the right key & if HMAC succeeds he knows the message received is
(overwhelmingly likely to be) identical to what was sent or the file read
identical to what was stored.

Asymmetric encryption gives a different type of authentication, proving the
other player had a particular private key. This solves the key management
problem which is very difficult with symmetric crypto alone.

A major government can send a junior military officer to fly to an embassy
once a month to deliver keys, but without public key (asymmetric) techniques
anyone else has a real problem ensuring that the right people have the keys &
enemies do not.

It also gives digital signatures which are used in authenticating the players
for SSH, SSL, IPsec connections. With symmetric techniques alone, you can know
that only the receiver can read your messages, but you need the public key
stuff to know who you are talking to. Signatures are also used to be sure the
file you download was produced by Qubes people, not by say a malicious
government or some gang of botnet builders.

One explanation of the roles of the two algorithm types:
http://en.citizendium.org/wiki/Hybrid_cryptosystem

--
To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CACXcFm%3D7YjkUJJEKhnsuCcvmvECBa3oDL0gkU%3DaPr%2B806z_bNA%40mail.gmail.com.
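The two kinds of authentication the reply contrasts, as an added example that is not part of the thread or of Qubes' own code: an HMAC-SHA256 tag under a shared key (symmetric) and an Ed25519 signature checked with a public key (asymmetric). The message, the shared key and the key pairs are all constructed for the demonstration. The HMAC check shows that a valid tag proves only that the sender held the shared key, and that the verifier must hold that same key; the signature check shows that a verifier holding only the public key can confirm which private key signed, without being able to forge a signature itself, which is what ties a downloaded file to a particular release key.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Constructed sample data for the demonstration; nothing here is from the thread.
var (
	sampleMessage = []byte("release-notes.txt: Qubes R4.0 (constructed sample)")
	sharedKey     = []byte("constructed-32-byte-shared-secret")
)

// MacTag computes HMAC-SHA256 over msg under a shared key.
func MacTag(key, msg []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(msg)
	return m.Sum(nil)
}

// MacVerify recomputes the tag and compares it in constant time.
func MacVerify(key, msg, tag []byte) bool {
	return hmac.Equal(MacTag(key, msg), tag)
}

// CheckMAC exercises the symmetric case: a valid tag is accepted, while a
// tampered message or a different key is rejected. The verifier holds the
// same key as the sender and could have produced the tag itself, so HMAC
// proves "someone with the key sent this", not which key holder it was.
func CheckMAC(key, msg []byte) (good, tampered, wrongKey bool) {
	tag := MacTag(key, msg)
	good = MacVerify(key, msg, tag)

	altered := append([]byte{}, msg...)
	altered[0] ^= 0x01 // flip one bit of the message
	tampered = MacVerify(key, altered, tag)

	other := append([]byte{}, key...)
	other[0] ^= 0x01 // a key differing in one bit
	wrongKey = MacVerify(other, msg, tag)
	return
}

// CheckSignature exercises the asymmetric case: the verifier needs only the
// public key, so it can confirm the signer held a particular private key
// without itself being able to forge signatures.
func CheckSignature(msg []byte) (good, tampered, otherSigner bool, err error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return
	}
	sig := ed25519.Sign(priv, msg)
	good = ed25519.Verify(pub, msg, sig)

	altered := append([]byte{}, msg...)
	altered[0] ^= 0x01 // flip one bit of the message
	tampered = ed25519.Verify(pub, altered, sig)

	// A second, unrelated key pair stands in for an impostor: its public key
	// does not verify a signature made with the first private key.
	pub2, _, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return
	}
	otherSigner = ed25519.Verify(pub2, msg, sig)
	return
}

func main() {
	g, t, w := CheckMAC(sharedKey, sampleMessage)
	fmt.Printf("HMAC: valid=%v tampered-accepted=%v wrong-key-accepted=%v\n", g, t, w)
	g, t, o, err := CheckSignature(sampleMessage)
	if err != nil {
		panic(err)
	}
	fmt.Printf("Ed25519: valid=%v tampered-accepted=%v other-signer-accepted=%v\n", g, t, o)
}
```

On the quantum point raised in the quoted text: Grover's algorithm gives a square-root speedup on a symmetric key search, which halves the effective key length in bits (AES-256 retains roughly 128 bits of security), whereas Shor's algorithm breaks RSA and elliptic-curve schemes such as Ed25519 outright. In this example it is therefore the signature half, not the HMAC half, that would need a post-quantum replacement.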
