quantum computing

GroupDIY Audio Forum


JohnRoberts

As if we needed more to worry about, the next generation for computing power, quantum computing (that doesn't rely only on bi-state data), will possess the power to hack or decode current SSL security protocols (involves factoring long number sequences). We are still years away from quantum computers with the thousands of qubits (4 state data) required to factor modern security keys. But technology does not stand still...

It seems like time to start thinking about new security protocols....  8) If we wait until after quantum computers exist, that will be too late.

JR
 
SSL relies on very big prime numbers. Not so long ago they were 64 bit, then they became 128 bit. Current standard is 256 bits, which covers integers up to 10 x 10^76, which is pretty big.

The same algorithms can be scaled up to 512 bit which covers integers so big my calculator cannot even calculate it. These would be proof against even quantum computers.

Cheers

Ian
 
On the topic of Quantum Computing, Dave Collins turned me onto this blog - http://www.scottaaronson.com/blog/

99.75% of it goes over my head but it has sent me on some fascinating reading journeys.
 
Phrazemaster said:
I read an article about Quantum Computing and it said they will be able to hack our passwords in seconds.
That's the future quantum computers that do not exist yet... they need like 1000 qubits to do that and now are maybe single digit qubits...

encryption keys are as much as hundreds of digits long...  but apparently not a problem for them to factor out quickly, IN THE (hypothetical) FUTURE.

Relax for now, but don't get too relaxed. Technology marches forward for better and worse.  8)

JR
 
Phrazemaster said:
I read an article about Quantum Computing and it said they will be able to hack our passwords in seconds.

Strictly speaking, few people use passwords that can't be hacked in seconds.

Most people use words with symbols for replacement letters and numbers.

You can brute force any 8-character password of random digits -- a typical requirement on most websites -- in about 6 hours. https://arstechnica.com/information-technology/2012/12/25-gpu-cluster-cracks-every-standard-windows-password-in-6-hours/

(GPUs are used to get more threads.)

Of course, every digit above 8 increases the time needed by, well, a lot, assuming you are actually using the full available ASCII character set -- but then again, most people don't use anything except letters and numbers, because that's what they're told is required. (One of my security quizzes over the summer insisted that a 17-digit password with non-alphanumeric characters was brute-forceable. Feel free to work out the calculations per second required to calculate that within the heat death of the universe.)

Modern password attacks are typically done through dictionary attacks. Dictionaries (not just of English words but of passwords) can be bought or traded from people who obtain or crack batches of passwords, and these are tested for access. It's unbelievable what kind of percentage this will get you. You could take a batch of hundreds of passwords and you might end up with a few that don't get broken, and then you can just dump those onto a machine that brute forces them if you really need them.

By the time we get to quantum computers that can be used outside a lab and bought by your average basement dweller that surpass the calculation capabilities of a tower full of GPUs, we may have come up with something other than passwords. We've already hit the point where IMO it's unrealistic to expect everyone to have a unique password of sufficient strength for all their critical online activities. Eventually we're going to have to accept that expecting people to type characters into a website, or maintain a secure password manager on a device, is just not sustainable and come up with a better way of verifying identity for actually important stuff, the same way we do that in real life.

Feel free to also worry about someone proving NP = P with a constructive proof. That would forever invalidate any form of cryptography that relies on calculations taking longer to undo than to do. :p
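To put the numbers in the post above to work, here is an added example (not from the thread or any poster) that infers a guess rate from the quoted "every 8-character password in about 6 hours" figure and then estimates the worst-case time to exhaust several password policies. The character-set sizes, the policy list and the age-of-universe constant are assumptions made for illustration.

```python
# Keyspace calculator for password policies. The only figure taken from the
# thread is the benchmark: all 8-character printable-ASCII passwords tried in
# about 6 hours. Everything else below is an assumed illustrative value.

FULL_ASCII = 95   # printable ASCII: letters, digits, symbols, space (assumed)
ALNUM = 62        # a-z, A-Z, 0-9
LOWER = 26
DIGITS = 10

SECONDS_PER_YEAR = 365.25 * 24 * 3600
AGE_OF_UNIVERSE_YEARS = 1.38e10   # rounded, assumed for scale only


def guess_rate_from_benchmark(charset_size: int, length: int, hours: float) -> float:
    """Infer guesses per second from 'exhausted an N-character keyspace in H hours'."""
    return charset_size ** length / (hours * 3600)


def worst_case_seconds(charset_size: int, length: int, rate: float) -> float:
    """Seconds to try every candidate at `rate` guesses/s (expected time is half)."""
    return charset_size ** length / rate


def policy_report(policies, rate: float) -> dict:
    """Map each (name, charset_size, length) policy to worst-case years to exhaust."""
    return {name: worst_case_seconds(size, length, rate) / SECONDS_PER_YEAR
            for name, size, length in policies}


# About 3e11 guesses/s, in line with the GPU-cluster figure the post links to.
RATE = guess_rate_from_benchmark(FULL_ASCII, 8, 6)

POLICIES = [
    ("8 digits only",       DIGITS,     8),
    ("8 lowercase letters", LOWER,      8),
    ("8 alphanumeric",      ALNUM,      8),
    ("8 full ASCII",        FULL_ASCII, 8),
    ("12 full ASCII",       FULL_ASCII, 12),
    ("17 full ASCII",       FULL_ASCII, 17),
]

if __name__ == "__main__":
    print(f"inferred rate: {RATE:.2e} guesses/s")
    for name, years in policy_report(POLICIES, RATE).items():
        print(f"{name:22s} {years:11.3e} years "
              f"({years / AGE_OF_UNIVERSE_YEARS:.1e} x age of universe)")
```

Each extra character multiplies the time by the character-set size, which is why length beats symbol substitution; the calculator ignores dictionary and rule-based attacks, which the post rightly notes are what actually break most real passwords.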
 
I don't know much about quantum computing but directly cracking TLS streams is probably not the path-of-least-resistance with or without quantum computing. TLS keysize and ciphers are negotiated so that will scale to some degree. My guess at this point is that we will need to stop using passwords as we know them today.

The whole WWW stack and much of the Internet protocols are just a security sieve. Take email for example. There's nothing worse. When you send an email there's a plaintext copy on your PC, on your email server, on the recipient's email server and on the recipient's PC. So why bother to encrypt the transport!? If you added up all of the lines of code across the internet and then refactored it into one normalized codebase it would be a tiny minuscule fraction of the size. That would be much easier to secure. HTTP does not even consider security because it's stateless and you can't build security on top of a stateless communications protocol. You have to externalize it which means clients have to carry around their security state with them and resubmit their credentials with each operation. That is totally ridiculous. And with HTTPS you lose the statelessness.

Internet security is going to be a major weight around our necks. And unfortunately I feel like we're regressing technologically a little bit. Much of what we have learned is simply being forgotten. The best technology we have today is an app that lets you post a picture on the Internet for your "friends" to see? Weak.
 
On the subject of password protocols, the guy who came up with the original advice has recently admitted that he pulled that advice out of his butt.... no research existed about password reliability.

His recent advice revision is just to use longer passwords (more letters), which will increase the time to hack by trial-and-error brute force approaches.

I agree that passwords are already too much of a hassle for any person to memorize, then they try to make you change them every few months, making memorization even less practical. We will probably see more biometrics used, eyeball scans, fingerprint readers, blood vessels in hands, voice recognition etc.

But this still does not address the issue of secure communication via computer networks. I do not even have a good guess at this point, but it looks like the current security approach has an expiration coming.

JR

[edit - in today's WSJ a suggestion about facial recognition replacing passwords. I didn't read the article yet /edit]
 
squarewave said:
The best technology we have today is an app that lets you post a picture on the Internet for your "friends" to see? Weak.

Your statement could just as easily have been worded that you can post that picture to a website that will be able to accurately recognize it as a face, recognize *whose* face it is given data or even just context, and recognize that person's face in other photos with only partial information garnered from one or two photos, which is amazing and not just an application of some old theory. You can talk to your phone and ask it for stuff and it will understand you (Microsoft just released a paper on a speech recognition process that is allegedly as accurate as a human in terms of error rate and types of errors, meaning a human can't tell whether the errors were made by the human or the program). A team recently demonstrated the ability to actually create new speech from speech data -- they can take some recordings of you and create a new audio file that sounds like you talking and saying things you didn't say, with varied inflection. All of that stuff is really cool (also scary) and a little bit of it filters down. What filters out at the bottom is stuff that doesn't require expertise, just like it's always been.
 
Before anyone is about to get alarmist without sufficient math background on the topic, please read: https://security.stackexchange.com/questions/116596/will-quantum-computers-render-aes-obsolete answer by Cort Ammon. Note also that AES-256 length was in fact chosen over the initial suggestion of AES-128 standard over worries on quantum computing.

TL;DR: We think quantum computation will halve the effective key length of AES and other symmetric algorithms. So double your AES key length, and you are good to go. (AES-256 is probably good enough unless you need to protect high value assets for decades.) On the other hand, quantum computation completely screws RSA and elliptic curve asymmetric algorithms. There are other algorithms that we think are OK, but we aren't sure (yet). Get ready for much bigger keys in future.

Of course not the entire world of communications is anywhere near AES-256 or even the completely obsolete RSA-1 today.

By the way, there's already a public quantum computer available by IBM for research purposes. https://www.research.ibm.com/ibm-q/

It's there for anyone to experiment with, because frankly no one knows quite how they should be effectively used. And no one knows what kind of problems they can solve best either.
 
Kingston said:
Before anyone is about to get alarmist without sufficient math background on the topic, please read: https://security.stackexchange.com/questions/116596/will-quantum-computers-render-aes-obsolete answer by Cort Ammon. Note also that AES-256 length was in fact chosen over the initial suggestion of AES-128 standard over worries on quantum computing.

TL;DR: We think quantum computation will halve the effective key length of AES and other symmetric algorithms. So double your AES key length, and you are good to go. (AES-256 is probably good enough unless you need to protect high value assets for decades.) On the other hand, quantum computation completely screws RSA and elliptic curve asymmetric algorithms. There are other algorithms that we think are OK, but we aren't sure (yet). Get ready for much bigger keys in future.

Of course not the entire world of communications is anywhere near AES-256 or even the completely obsolete RSA-1 today.

By the way, there's already a public quantum computer available by IBM for research purposes. https://www.research.ibm.com/ibm-q/

It's there for anyone to experiment with, because frankly no one knows quite how they should be effectively used. And no one knows what kind of problems they can solve best either.

They are expected to shine for route optimization algorithms that could save time and energy.

For the record I am not trying to be alarmist, just sharing a heads up about next generation technology. Quantum computing is in its infancy.

Defeating encryption is probably the scariest thing media could come up with, ignoring the benefits.

JR
 
Encrypted money has brought some of these considerations out.
The tradeoff is to consider the computational cost compared to the reward for breaking some encryption.
Currently, massive supercomputers may be able to break some encryption but the cost dwarfs the potential reward.

Optimization methods are more efficient than a brute force, random search method, when there is a response - which of course you do not have when trying to break a password (there is no hotter / colder feedback).

I could see developments after a few decades making current encryption breakable. An interesting scenario would be orphaned bitcoins (where the original owner lost the key) being unlocked by treasure hunters. Presumably, any crypto currency owner that still held the key would have moved it to a higher encryption standard long before the 'cracking' technology were feasible.
 