* Andrew Farmer:
On 23 Nov 2004, at 15:02, Florian Weimer wrote:
* Andrew Farmer:
Especially considering that there aren't enough atoms in the
universe to store all that precalculated data, nor enough energy
to do all the calculations.
Typically, such estimates ignore the possibilities of quantum
superpositions.
On the other hand, we have yet to create a practical quantum computer.
But you can't rule it out, either. If you are after a theoretic upper
bound on computation, you have to take such possibilities into
account. I don't claim that some particular algorithm or key size is
insecure. I just want to point out that entropy-based arguments for
the security of some algorithm against brute-force attacks are
incorrect. (This still doesn't make the attacks feasible, of course.)
If quantum computing comes through (and I doubt it will), we'll all
start using quantum encryption.
Quantum encryption doesn't help much because it does not protect
against reencryption of the quantum channel by the attacker, only
passive eavesdropping is impossible. From a practical point of view,
the quantum key distribution algorithms we know today are as safe as
Diffie-Hellman. The only thing QKD offers are some provable security
properties. Current systems have a major drawback, too: You can't run
the QKD protocols with someone who doesn't share some physical
communication channel with you. This means that if some of the
current quantum encryption protocols are deployed, it's likely that
network operators can eavesdrop traffic at relay stations (which have
to perform reencryption).
Relying on well-designed symmetric ciphers with fairly large keys is
probably the best choice indeed.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
