Re: quantum crypto rears its head again.

2006-12-14 Thread Jon Callas

On 13 Dec 2006, at 11:57 AM, Perry E. Metzger wrote:



> I saw this link on Slashdot (and it was also on Ekr's blog):
>
> http://hackreport.net/2006/12/13/quantum-cryptography-its-some-kind-of-magiq/
>
> It appears that the quantum crypto meme just won't go away.
>
> Bob Gelfond of MagiQ promises us that for only $100,000, plus monthly
> leasing of a dry fiber optic home run between your end systems, you
> can have security that isn't even as good as what nearly free software
> will give commodity computers over the unsecured public internet.
>
> I wonder if this idea is ever going to die. My guess is it will, but
> not until the people who have thrown away their money investing in
> this technology go bankrupt.



Thanks for writing your note at the bottom. Quantum cryptography is a
fascinating thing, but first of all, it's not cryptography. It should
be called quantum secrecy, or something akin to that. Next, its
proponents have a tendency to effectively say, "Oh, math, that's
something that could go bad. But physics, *that* will always be good!"


Jon

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Quantum Crypto

2003-12-20 Thread John Lowry
Perry is absolutely right.
There is no point in pursuing this.
It might even be analogous to what we now know about computers.
We were warned that there would never be a need for more than
a half-dozen - after all, they were extremely expensive just to get
a few more digits in the logarithm table ...  Thank goodness that we stopped
those wasteful government research efforts and put money into improving
analog mechanical desktop calculators - which is all anyone ever needed
anyway.  ;-)

Perry,
I seem to remember paying excessive amounts for my first installations
of 1822, X.25, token-ring, ethernet - in fact all new devices.  Even the
ones that weren't needed ... Initial cost is a poor metric and you of all
people should know it.  However, I sincerely applaud your effort to present
a snapshot of the state of the art - and the effort to qualify the QKD folks
who are prematurely entering the market.  Please try to include a view of the
long term potential and imagine how it might be used when you write your
report.  After all, who would have thought that computers _would_ be linked
together to create communication networks ... And that my 75-year old mother
could not only afford one but actually enjoy using it.  (Ok, it's a Macintosh
...)
Please don't dismiss what is really a very new research area with unknown
potential - just leaving the physicist's lab bench for the engineering lab
bench - because a few folks are entering the market too soon and claiming
that they have product.  There is a baby in that bath water !

Season's Greetings !

John


On 12/16/03 10:14, Perry E. Metzger [EMAIL PROTECTED] wrote:

> There have been more press releases about quantum crypto products
> lately.
>
> I will summarize my opinion simply -- even if they can do what is
> advertised, they aren't very useful. They only provide link security,
> and at extremely high cost. You can easily just run AES+HMAC on all
> the bits crossing a line and get what is for all practical purposes
> similar security, at a fraction of the price.
>
> The problem in security is not that we don't have crypto technologies
> that are good enough -- our algorithms are fine. Our real problem is
> in much more practical things like getting our software to high enough
> assurance levels, architectural flaws in our systems, etc.
>
> Thus, Quantum Crypto ends up being a very high priced way to solve
> problems that we don't have.
>
> Perry


Re: Quantum Crypto

2003-12-20 Thread Perry E. Metzger

John Lowry [EMAIL PROTECTED] writes:
> Perry is absolutely right.
> There is no point in pursuing this.
> It might even be analogous to what we now know about computers.
> We were warned that there would never be a need for more than
> a half-dozen - after all, they were extremely expensive just to get
> a few more digits in the logarithm table ...  Thank goodness that we stopped
> those wasteful government research efforts and put money into improving
> analog mechanical desktop calculators - which is all anyone ever needed
> anyway.  ;-)

Your amusing banter aside, my point remains. QCrypto doesn't solve any
problems that anyone has in the real world -- everything it can do can
be done far more cheaply and indeed far better by other means -- so it
is a large expense that serves no purpose.

I know of no company using something like AES+HMAC for link security
that has had its cryptographically secured communications successfully
attacked by cryptanalysis* -- and AES is free, and running it is nearly
free. On the other hand, I know of lots of companies that have had
problems because they haven't thought out their remote access systems
well or because they are running software vulnerable to buffer
overflows. The issue is not that we need unbreakable crypto -- we
already have it for practical purposes. The issue is that our systems
are not built robustly.

> Please don't dismiss what is really a very new research area with unknown
> potential -

This is not an issue of unknown potential -- we know what the
systems being marketed do. They have specifications and user manuals.

I would never suggest that people stop research, of course, but it
seems that QCrypto is not a solution to any real world problem.

Perry

*By this, I don't include things like "the key management algorithm
 only used all ones as the key" -- I mean legitimate attacks against
 AES etc.
