The Clock Is Ticking On Encryption 228
CWmike writes "In the indictment that led to the expulsion of ten Russian spies from the US in the summer of 2010, the FBI said that it gained access to their communications after surreptitiously entering one of the spies' homes, during which agents found a piece of paper with a 27-character password. The FBI had found it more productive to burglarize a house than to crack a 216-bit code, despite having the computational resources of the US government behind it, writes Lamont Wood. That's because modern cryptography, when used correctly, is rock solid. Cracking an encrypted message can require time frames that dwarf the age of the universe. That's the case today. 'The entire commercial world runs off the assumption that encryption is rock solid and is not breakable,' says Joe Moorcones, vice president of information security firm SafeNet. But within the foreseeable future, cracking those same codes could become trivial, thanks to quantum computing."
The U.S. government is VERY corrupt. (Score:2, Insightful)
The FBI had found it more productive to burglarize a house...
That kind of behavior, burglarizing houses, committing a crime to stop other crimes, is destructive to the rest of the nation. There are mistakes. There are agents who use their power to cause trouble. There are many other negative consequences, such as the FBI agents acting to support their personal ideas of political action, which has happened numerous times in the past.
Is "quantum computing" the next "cloud computing"? (Score:3, Insightful)
Many of us have known it for a long time, but more and more people are waking up to the fact that "cloud computing" is a sham. It's basically 1970s-era mainframe computing revived and renamed, with a layer after layer of marketing bullshit layered on. It has all of the same drawbacks as mainframe computing plus some, and often without many of the benefits.
"Quantum computing" risks becoming the next such mania. Soon enough, some marketing dipshits will come along and relabel some lousy existing technology as "quantum computing" (even when it absolutely isn't). This will get the press going, and soon the buzz will be overwhelming. Every manufacturer will be hard at work putting "Quantum Powered" stickers on the hardware they sell, and all sorts of software providers will be labeling their software as "quantum-compatible".
If it's anything like cloud computing has been, it'll just be a waste of time and money.
Quite right (Score:5, Insightful)
Wait, who didn't know this already? The title is misleading, but the fact that quantum computing breaks RSA is pretty standard knowledge (among people who have heard of quantum computing at all, I guess). Of course, there are other encryption schemes that seem to work just fine (e.g. Elliptic curve cryptography) with quantum computing, and there's not much evidence that algorithms other than RSA are broken. Note: factoring isn't NP-complete! So far there's no reason to believe it's not an "easy" problem, except that we haven't figured out how to do it. More intersetingly, there's a lot of research being done on quantum cryptography [wikipedia.org], which is really quite cool. In total, quantum computing should probably give us more security than it breaks, except for the idiots who keep using outdated algorithms long after they're broken, but they'd be screwed anyway.
So, the sky is falling! Oh wait, no, that's just the weather changing.
For all my encryption cracking needs... (Score:5, Insightful)
I rely on magic pixie dust found on top of the space elevator. It's easier to get than a useful quantum computer and will be for quite some time.
Re:The U.S. government is VERY corrupt. (Score:5, Insightful)
That kind of behavior, burglarizing houses, committing a crime to stop other crimes, is destructive to the rest of the nation.
I don't find it such a bad thing, if they have a warrant from a non-corrupt judicial system.
You can hardly say fighting espionage is inherently corrupt.
Re:Quantum Encryption (Score:4, Insightful)
If you want real security, go with a one-time pad and read up on the mistakes the Kriegsmarine made that let their nifty device get cracked.
The silver lining (Score:4, Insightful)
But within the foreseeable future, cracking those same codes could become trivial, thanks to quantum computing
At least the number of burglaries will go down
Cryptography, eh? (Score:4, Insightful)
Quantum computing could break known asymmetric cyphers, not symmetric. I'm not aware of any quantum solution to breaking any modern popular symmetric algorithms.
Also worth mentioning is that there's really no way the FBI could have known exactly what they'd find. They broke into a home and recovered lots of information, one piece of which proved useful to decrypting messages. If they hadn't found that, who knows what they would have done? Point is don't lower your guard yet - this isn't proof that encryption is rock solid so much as evidence in that direction.
In the end, let's assume unbreakable encryption is readily available. The weakness is in the human factor, since (ultimately) humans have to, at some point, interact with that encryption for it to contain useful information. Looking at the direction England and other countries are going, a government's solution isn't to invest in supercomputers to attack the cryptography; it's to create a set of laws criminalizing a failure to decrypt. Such a failure would be penalized by as much (or more, given the absurd magnitude of criminal damages associated with most modern electronic-targeting laws) as the charges against you for which the cyphertext is relevant. Your information could be protected until the end of the universe while your corpse rots away for some form of electronic obstruction of justice.
There is a pervasive attitude of "If you have done nothing wrong, you have nothing to hide" that seems to be driving a lot of the thrust behind modern laws and solutions. A jury could be (and has been) biased against you just for possession of encrypted material. Why would a legitimate person need to encrypt their documents? Why wouldn't they decrypt them for authorities? "Because they're mine, not yours, and not the government's" isn't something a lot of people sympathize with. I suppose the point I'm trying to make is, while progress on the cryptographic front to stay ahead of authorities (and "bad guys", and the intersection of the two) is critical, it's also critical to enforce a right to innocently encrypt data in the first place.
But sorry to be predominantly negative - overall, a great article that exposes the world of cryptography (and its importance) in terms a layman could understand.
Re:*slaps head* (Score:4, Insightful)
Then you get stupid password systems which state your password must be "at least 6 letters, including 1 upper case and 1 number", about 38 bits. Or even worse "between 6 and 8 characters".
Those systems are generally not trying to protect against people with direct access to the encrypted data files. Instead, they are *login* passwords for systems where attackers do not have direct access to the protected data.
In principle, each of those systems should detect repeat login failures and delay or deny further attempts. In that case, the attacker doesn't get to try countless thousands of guesses. Security holes are very common in those types of systems, but it's not necessarily just because the password is 8 characters long.
Re:The U.S. government is VERY corrupt. (Score:5, Insightful)
I rather think that the FBI is quite careful to check that you are not in the house before they go in. They probably have someone trailing you who will warn them if you start heading home or if they lose track of where you are. They are not idiots and have no interest in getting into a firefight unnecessarily.
Basically, stop being stupid. The FBI is not going round breaking into people's houses willy-nilly. They entered those specific houses because they had probable cause to believe that their occupants were hostile agents of a foreign power engaged in illegal espionage, and they had acquired warrants to do so, supported by oath and particularly describing the places to be searched and the things to be seized. Are you seriously complaining because government agents obeyed the Constitution to the letter in the course of exercising their duty to uphold the rule of law?! I can scarcely believe that any American would display such contempt for the principles on which your hard-won freedom is founded.