Re: Quantum cryptography gets practical
Steve Furlong wrote: On Thu, 2004-10-07 at 14:50, Dave Howe wrote: The regular encryption scheme (last I looked at a QKE product) was XOR Well, if it's good enough for Microsoft, it's good enough for everyone. I have it on good authority that Microsoft's designers and programmers are second to none. (Microsoft's marketing department is a good authority, right?) well, what they *don't* tell you is the question was which would you prefer to impliment security, a microsoft programmer or none at all and they *still* came second :)
Re: Quantum cryptography gets practical
Oops. You're right. It's been a while. Both photons are not utilized, but there's a Private channel and a public channel. As for MITM attacks, however, it seems I was right more or less by accident, and the collapsed ring configuration seen in many tightly packed metro areas (where potential customers of Quantum Key Exchange reside) does indeed make such attacks much easier. Come to think of it, an intruder that were able to gain access to a CO without having to notify the public (Patriot Act) should easily be able to insert themselves into a QKE client's network and then do whatever they want to (provided, of course, they have the means to crack the 'regular' encryption scheme used to encode the bits--NSA). Which means that, should a $75K/year NSA employee want to strike it really, really rich, they'd be able to procure advanced notice of any mergers/acquisition deals. -TD From: Dave Howe [EMAIL PROTECTED] To: Tyler Durden [EMAIL PROTECTED] Subject: Re: Quantum cryptography gets practical Date: Wed, 06 Oct 2004 11:26:32 +0100 Tyler Durden wrote: An interesting thing to think about is the fact that in dense metro areas, you pretty much have a star from the CO out to a premise (which is the cause of deployment of Collapsed SONET Rings). This means the other photon of your encrypted pair might easily pass through the same CO somewhere, which would make the system suscpetible to a sort of man in the middle attack. Or at least, your fancy quantum crypto system has defaulted back to standard crypto in terms of its un-hackability. Unless I am mistaken as to the Quantum Key Exchange process, only one photon is ever transmitted, with a known orientation; the system doesn't use entanglement AFAIK. I note also that, as QKE is *extremely* vulnerable to MitM attacks, a hybrid system (which need only be tactically secure, not strategically secure) can be used to lock out a MitM attacker for long enough that his presence can be detected, without having to resort to a classical but unblockable out of band data stream. I think this is part of the purpose behind the following paper: http://eprint.iacr.org/2004/229.pdf which I am currently trying to understand and failing miserably at *sigh* Moral of this story is, even if this thing is useful, you'll probably have a very hard time finding a place it can be deployed and still retain its advantages. I have yet to see an advantage to QKE that even mildly justifies the limitations and cost over anything more than a trivial link (two buildings within easy walking distance, sending high volumes of extremely sensitive material between them) -TD From: Dave Howe [EMAIL PROTECTED] To: Email List: Cryptography [EMAIL PROTECTED],Email List: Cypherpunks [EMAIL PROTECTED] Subject: Re: QC Hype Watch: Quantum cryptography gets practical Date: Tue, 05 Oct 2004 17:48:30 +0100 R. A. Hettinga wrote: Two factors have made this possible: the vast stretches of optical fiber (lit and dark) laid in metropolitan areas, which very conveniently was laid from one of your customers to another of your customers (not between telcos?) - or are they talking only having to lay new links for the last mile and splicing in one of the existing dark fibres (presumably ones without any repeaters on it) _ On the road to retirement? Check out MSN Life Events for advice on how to get there! http://lifeevents.msn.com/category.aspx?cid=Retirement _ Is your PC infected? Get a FREE online computer virus scan from McAfee® Security. http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
Re: Quantum cryptography gets practical
Tyler Durden wrote: Oops. You're right. It's been a while. Both photons are not utilized, but there's a Private channel and a public channel. As for MITM attacks, however, it seems I was right more or less by accident, and the collapsed ring configuration seen in many tightly packed metro areas (where potential customers of Quantum Key Exchange reside) does indeed make such attacks much easier. Come to think of it, an intruder that were able to gain access to a CO without having to notify the public (Patriot Act) should easily be able to insert themselves into a QKE client's network and then do whatever they want to (provided, of course, they have the means to crack the 'regular' encryption scheme used to encode the bits--NSA). Which means that, should a $75K/year NSA employee want to strike it really, really rich, they'd be able to procure advanced notice of any mergers/acquisition deals. Unless someone has come up with a new wrinkle to this since I last looked, the QKE system indeed requires three channels - the key photon one which must be optical, and a conventional comms pair (the latter of course can be substituted with any comms pair you have handy, but if you are running fibre from A to B you might as well run three) As all three require MiTM to be mounted, it would be better to have a physically diverse path for the conventional pair - but in a small city where you are patching the optical channel though the nearest exchange, this may not be practicable. The regular encryption scheme (last I looked at a QKE product) was XOR
Re: Quantum cryptography gets practical
On Thu, 2004-10-07 at 14:50, Dave Howe wrote: The regular encryption scheme (last I looked at a QKE product) was XOR Well, if it's good enough for Microsoft, it's good enough for everyone. I have it on good authority that Microsoft's designers and programmers are second to none. (Microsoft's marketing department is a good authority, right?)
Re: Quantum cryptography gets practical
Steve Furlong wrote: On Thu, 2004-10-07 at 14:50, Dave Howe wrote: The regular encryption scheme (last I looked at a QKE product) was XOR Well, if it's good enough for Microsoft, it's good enough for everyone. I have it on good authority that Microsoft's designers and programmers are second to none. (Microsoft's marketing department is a good authority, right?) well, what they *don't* tell you is the question was which would you prefer to impliment security, a microsoft programmer or none at all and they *still* came second :)
Re: Quantum cryptography gets practical
On Wed, 2004-10-06 at 06:27, Dave Howe wrote: I have yet to see an advantage to QKE that even mildly justifies the limitations and cost over anything more than a trivial link (two buildings within easy walking distance, sending high volumes of extremely sensitive material between them) But it's cool! More seriously, it has no advantage now, but maybe something will come up. The early telephones were about useless, too, remember. In the mean time, the coolness factor will keep people playing with it and researching it.
Re: Quantum cryptography gets practical
Oops. You're right. It's been a while. Both photons are not utilized, but there's a Private channel and a public channel. As for MITM attacks, however, it seems I was right more or less by accident, and the collapsed ring configuration seen in many tightly packed metro areas (where potential customers of Quantum Key Exchange reside) does indeed make such attacks much easier. Come to think of it, an intruder that were able to gain access to a CO without having to notify the public (Patriot Act) should easily be able to insert themselves into a QKE client's network and then do whatever they want to (provided, of course, they have the means to crack the 'regular' encryption scheme used to encode the bits--NSA). Which means that, should a $75K/year NSA employee want to strike it really, really rich, they'd be able to procure advanced notice of any mergers/acquisition deals. -TD From: Dave Howe [EMAIL PROTECTED] To: Tyler Durden [EMAIL PROTECTED] Subject: Re: Quantum cryptography gets practical Date: Wed, 06 Oct 2004 11:26:32 +0100 Tyler Durden wrote: An interesting thing to think about is the fact that in dense metro areas, you pretty much have a star from the CO out to a premise (which is the cause of deployment of Collapsed SONET Rings). This means the other photon of your encrypted pair might easily pass through the same CO somewhere, which would make the system suscpetible to a sort of man in the middle attack. Or at least, your fancy quantum crypto system has defaulted back to standard crypto in terms of its un-hackability. Unless I am mistaken as to the Quantum Key Exchange process, only one photon is ever transmitted, with a known orientation; the system doesn't use entanglement AFAIK. I note also that, as QKE is *extremely* vulnerable to MitM attacks, a hybrid system (which need only be tactically secure, not strategically secure) can be used to lock out a MitM attacker for long enough that his presence can be detected, without having to resort to a classical but unblockable out of band data stream. I think this is part of the purpose behind the following paper: http://eprint.iacr.org/2004/229.pdf which I am currently trying to understand and failing miserably at *sigh* Moral of this story is, even if this thing is useful, you'll probably have a very hard time finding a place it can be deployed and still retain its advantages. I have yet to see an advantage to QKE that even mildly justifies the limitations and cost over anything more than a trivial link (two buildings within easy walking distance, sending high volumes of extremely sensitive material between them) -TD From: Dave Howe [EMAIL PROTECTED] To: Email List: Cryptography [EMAIL PROTECTED],Email List: Cypherpunks [EMAIL PROTECTED] Subject: Re: QC Hype Watch: Quantum cryptography gets practical Date: Tue, 05 Oct 2004 17:48:30 +0100 R. A. Hettinga wrote: Two factors have made this possible: the vast stretches of optical fiber (lit and dark) laid in metropolitan areas, which very conveniently was laid from one of your customers to another of your customers (not between telcos?) - or are they talking only having to lay new links for the last mile and splicing in one of the existing dark fibres (presumably ones without any repeaters on it) _ On the road to retirement? Check out MSN Life Events for advice on how to get there! http://lifeevents.msn.com/category.aspx?cid=Retirement _ Is your PC infected? Get a FREE online computer virus scan from McAfee® Security. http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
Re: Quantum cryptography gets practical
Tyler Durden wrote: Oops. You're right. It's been a while. Both photons are not utilized, but there's a Private channel and a public channel. As for MITM attacks, however, it seems I was right more or less by accident, and the collapsed ring configuration seen in many tightly packed metro areas (where potential customers of Quantum Key Exchange reside) does indeed make such attacks much easier. Come to think of it, an intruder that were able to gain access to a CO without having to notify the public (Patriot Act) should easily be able to insert themselves into a QKE client's network and then do whatever they want to (provided, of course, they have the means to crack the 'regular' encryption scheme used to encode the bits--NSA). Which means that, should a $75K/year NSA employee want to strike it really, really rich, they'd be able to procure advanced notice of any mergers/acquisition deals. Unless someone has come up with a new wrinkle to this since I last looked, the QKE system indeed requires three channels - the key photon one which must be optical, and a conventional comms pair (the latter of course can be substituted with any comms pair you have handy, but if you are running fibre from A to B you might as well run three) As all three require MiTM to be mounted, it would be better to have a physically diverse path for the conventional pair - but in a small city where you are patching the optical channel though the nearest exchange, this may not be practicable. The regular encryption scheme (last I looked at a QKE product) was XOR
Re: Quantum cryptography gets practical
On Thu, 2004-10-07 at 14:50, Dave Howe wrote: The regular encryption scheme (last I looked at a QKE product) was XOR Well, if it's good enough for Microsoft, it's good enough for everyone. I have it on good authority that Microsoft's designers and programmers are second to none. (Microsoft's marketing department is a good authority, right?)
Re: Quantum cryptography gets practical
Tyler Durden wrote: An interesting thing to think about is the fact that in dense metro areas, you pretty much have a star from the CO out to a premise (which is the cause of deployment of Collapsed SONET Rings). This means the other photon of your encrypted pair might easily pass through the same CO somewhere, which would make the system suscpetible to a sort of man in the middle attack. Or at least, your fancy quantum crypto system has defaulted back to standard crypto in terms of its un-hackability. Unless I am mistaken as to the Quantum Key Exchange process, only one photon is ever transmitted, with a known orientation; the system doesn't use entanglement AFAIK. I note also that, as QKE is *extremely* vulnerable to MitM attacks, a hybrid system (which need only be tactically secure, not strategically secure) can be used to lock out a MitM attacker for long enough that his presence can be detected, without having to resort to a classical but unblockable out of band data stream. I think this is part of the purpose behind the following paper: http://eprint.iacr.org/2004/229.pdf which I am currently trying to understand and failing miserably at *sigh* Moral of this story is, even if this thing is useful, you'll probably have a very hard time finding a place it can be deployed and still retain its advantages. I have yet to see an advantage to QKE that even mildly justifies the limitations and cost over anything more than a trivial link (two buildings within easy walking distance, sending high volumes of extremely sensitive material between them) -TD From: Dave Howe [EMAIL PROTECTED] To: Email List: Cryptography [EMAIL PROTECTED], Email List: Cypherpunks [EMAIL PROTECTED] Subject: Re: QC Hype Watch: Quantum cryptography gets practical Date: Tue, 05 Oct 2004 17:48:30 +0100 R. A. Hettinga wrote: Two factors have made this possible: the vast stretches of optical fiber (lit and dark) laid in metropolitan areas, which very conveniently was laid from one of your customers to another of your customers (not between telcos?) - or are they talking only having to lay new links for the last mile and splicing in one of the existing dark fibres (presumably ones without any repeaters on it) _ On the road to retirement? Check out MSN Life Events for advice on how to get there! http://lifeevents.msn.com/category.aspx?cid=Retirement
Re: Quantum cryptography gets practical
Dave Howe wrote: I think this is part of the purpose behind the following paper: http://eprint.iacr.org/2004/229.pdf which I am currently trying to understand and failing miserably at *sigh* Nope, finally strugged to the end to find a section pointing out that it does *not* prevent mitm attacks. Anyone seen a paper on a scheme that does?
Re: Quantum cryptography gets practical
Tyler Durden wrote: An interesting thing to think about is the fact that in dense metro areas, you pretty much have a star from the CO out to a premise (which is the cause of deployment of Collapsed SONET Rings). This means the other photon of your encrypted pair might easily pass through the same CO somewhere, which would make the system suscpetible to a sort of man in the middle attack. Or at least, your fancy quantum crypto system has defaulted back to standard crypto in terms of its un-hackability. Unless I am mistaken as to the Quantum Key Exchange process, only one photon is ever transmitted, with a known orientation; the system doesn't use entanglement AFAIK. I note also that, as QKE is *extremely* vulnerable to MitM attacks, a hybrid system (which need only be tactically secure, not strategically secure) can be used to lock out a MitM attacker for long enough that his presence can be detected, without having to resort to a classical but unblockable out of band data stream. I think this is part of the purpose behind the following paper: http://eprint.iacr.org/2004/229.pdf which I am currently trying to understand and failing miserably at *sigh* Moral of this story is, even if this thing is useful, you'll probably have a very hard time finding a place it can be deployed and still retain its advantages. I have yet to see an advantage to QKE that even mildly justifies the limitations and cost over anything more than a trivial link (two buildings within easy walking distance, sending high volumes of extremely sensitive material between them) -TD From: Dave Howe [EMAIL PROTECTED] To: Email List: Cryptography [EMAIL PROTECTED], Email List: Cypherpunks [EMAIL PROTECTED] Subject: Re: QC Hype Watch: Quantum cryptography gets practical Date: Tue, 05 Oct 2004 17:48:30 +0100 R. A. Hettinga wrote: Two factors have made this possible: the vast stretches of optical fiber (lit and dark) laid in metropolitan areas, which very conveniently was laid from one of your customers to another of your customers (not between telcos?) - or are they talking only having to lay new links for the last mile and splicing in one of the existing dark fibres (presumably ones without any repeaters on it) _ On the road to retirement? Check out MSN Life Events for advice on how to get there! http://lifeevents.msn.com/category.aspx?cid=Retirement
Re: Quantum cryptography gets practical
Dave Howe wrote: I think this is part of the purpose behind the following paper: http://eprint.iacr.org/2004/229.pdf which I am currently trying to understand and failing miserably at *sigh* Nope, finally strugged to the end to find a section pointing out that it does *not* prevent mitm attacks. Anyone seen a paper on a scheme that does?
