Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Security Communications Encryption

Simple Comm Technique Beats Quantum Crypto 164

Atario wrote us with a link to a New Scientist article about an innovative new way of encrypting communications. An engineer at Texas A&M may have a way to exploit the thermal properties of a wire to create a secure channel. The result could be an effectively impenetrable way of securing communications, possibly outperforming quantum cryptography keys. "In their device, both the sender Alice and the receiver Bob have an identical pair of resistors, one producing high resistance, the other low resistance. The higher the total resistance on the line, the greater the thermal noise. Both Alice and Bob randomly choose which resistor to use ... Half the time ... they will choose different [resistances], producing an intermediate level of thermal noise, and it is now that a message can be sent. If Bob turns on his high resistor, and records an intermediate level of noise, he instantly knows that Alice has chosen her low resistor, in essence sending a bit of information such as 1 or 0. Kish's cipher does this many times, sending a random series of 1s and 0s that can form the basis of an encryption key, the researchers say."
This discussion has been archived. No new comments can be posted.

Simple Comm Technique Beats Quantum Crypto

Comments Filter:
  • Cool. (Score:5, Interesting)

    by bytesex ( 112972 ) on Sunday May 27, 2007 @08:28AM (#19291519) Homepage
    But if I understand correctly, and I want to do this over ethernet, for example, that means that it is a) unroutable and b) my ethernet endpoints would have to be aware of my security preferences ?
    • From TFA:

      "This is a system that should be taken seriously," says security specialist Bruce Schneier, who founded network security firm BT Counterpane. He says he was seduced by the simplicity of the idea when it was first proposed by Kish, and now wants to see independent tests of the working model. "I desperately want someone to analyse it," he says. "Assuming it works, it's way better than quantum."

      Although I don't recall seeing anything about it on his website. Bruce knows a lot more than I do, but this

      • by Lagged2Death ( 31596 ) on Sunday May 27, 2007 @09:02AM (#19291701)
        If Eve or Mallory get to the wire first, then the "normal" wire state that Alice and Bob see will include their taps.

        Eavesdropping on this wouldn't do any good. From an eavesdropper's point of view, there are three noise levels, two of which mean nothing and one of which means a bit has just been transferred from A to B or from B to A. An eavesdropper can't tell which direction the bit is going or what the value of the bit was.
        • All Eve has to do is to have two taps on the wire. She can watch the signal propagate from one to the other and determine who sent it.

          And I'm not seeing why there would be three noise levels on the wire. You'd start off with the plain wire. Then Eve's taps. Then Eve would see the wire characteristic change when Alice put her resistor on. So she'd know that information. Then she'd see it change again when Bob put his resistor on. So she'd have that information also.

          All Alice and Bob would know is the state A
          • Re: (Score:3, Informative)

            by tomz16 ( 992375 )
            You are incorrect... If Eve gets to the wire first, then Alice and Bob may not know that there is a tap, but the tap is still worthless. Only the party at an enpoint would know what resistor THEY have put in, allowing them to deduce the resistor used at the other end. The person in the middle would only have the (worthless) piece of information that Alice and Bob differed in the resistor that they chose.

            Noise endpoint 1 endpoint 2

            High high high
            Medium high low
            Medium low
            • by epine ( 68316 )

              The two resistors with different values function as a voltage divider. What's the clever method to eliminate the ground reference from Mallet, so he doesn't determine the bit via measurement in the voltage domain?
            • Re: (Score:3, Interesting)

              Only the party at an enpoint would know what resistor THEY have put in, allowing them to deduce the resistor used at the other end.

              But how do they put in those resistors? With switches. Switches that inject charge onto the output wire when their state changes. Switches with their own resistance and temperature coefficient of resistance. And that is detectable.

              High high high
              Medium high low
              Medium low high
              Low low low

              Alas, real resistors cannot be perfectly matched; the real wire state table

        • Re: (Score:3, Insightful)

          by smallfries ( 601545 )
          But he didn't mention eavesdropping, he mentioned man in the middle attacks. Just like a quantum link this is vulnerable to man in the middle attacks when used without a separate authenticated channel.
          • This does nothing to prevent man-in-the middle attacks. If I can get physical access to your wire to eavesdrop I can also cut it completely and put myself in the middle.

            Still, it's a nice piece of thinking.

          • I thought that was what the paired resistors were for. You'd need to know the exact pair.
      • by eblot ( 1108019 ) on Sunday May 27, 2007 @09:20AM (#19291789)
        > Although I don't recall seeing anything about it on his website.
        That would be: http://www.schneier.com/crypto-gram-0512.html#15 [schneier.com]
        • Thanks!

          And Bruce does note that it is vulnerable to a man in the middle attack.
        • MITM... (Score:5, Informative)

          by SanityInAnarchy ( 655584 ) <ninja@slaphack.com> on Sunday May 27, 2007 @01:40PM (#19293565) Journal

          I read Schneier's page because I respect the guy, and I figured he'd know what he was talking about. It already seemed trivially vulnerable to a man-in-the-middle attack, but I wanted to see if I was the only one.

          Looks like I'm right:

          Even more basic: It's vulnerable to man-in-the-middle attacks. Someone who can intercept and modify messages in transit can break the security. This means you need an authenticated channel to make it work -- a link that guarantees you're talking to the person you think you're talking to. How often in the real world do we have a wire that is authenticated but not confidential? Not very often.

          He actually details a few more problems:

          For those keeping score, that's four practical problems: It's only link encryption and not end-to-end, it's bandwidth-limited (but may be enough for key exchange), it works best for short ranges and it requires authentication to make it work. I can envision some specialized circumstances where this might be useful, but they're few and far between.

          But then, I guess it's the best we've got:

          But quantum key distributions have the same problems. Basically, if Kish's scheme is secure, it's superior to quantum communications in every respect: price, maintenance, speed, vibration, thermal resistance and so on.
      • Little known Bruce Schneier fact: [geekz.co.uk] he cryptanalyzed this in his sleep, he just forgot the answer when he woke up.
         
      • Although I don't recall seeing anything about it on his website.

        It was on his blog [schneier.com] last December.

        In any case, the system can be defeated using a directional coupler.

    • by Yvanhoe ( 564877 )
      I think here the conditions are the same as the typical quantum crypto test : the goal is to secure a line, not a connection
    • Re: (Score:2, Funny)

      Note: Did not RTFA

      Does it work with wireless?
  • broken link (Score:5, Informative)

    by Anonymous Coward on Sunday May 27, 2007 @08:31AM (#19291537)
  • dupe? (Score:5, Informative)

    by roguegramma ( 982660 ) on Sunday May 27, 2007 @08:31AM (#19291543) Journal
    Seems to me to be a dupe of http://it.slashdot.org/article.pl?sid=05/12/10/171 4256 [slashdot.org]
  • by vertigoCiel ( 1070374 ) on Sunday May 27, 2007 @08:33AM (#19291555)
    From what I can gather from the summary (the New Scientist domain seems to be blocked by the PRC to those in China, so I can't RTFA), the security of this lies in the fact that Eve cannot seperate the message from the inherent thermal noise of the channel. However, wouldn't she be able to decode the message by trial and error by hooking her own resistors? Surely she doesn't have to have identical resistance just around 10 or 100 Ohms of the average.

    Could someone correct me if I'm wrong (which I think I am)?
    • by 26199 ( 577806 ) *

      It's a bitstream -- high/low resistance being one and zero -- and to get the message back you need to guess exactly the sequence of ones and zeros as Alice or Bob used.

      If you guess the wrong sequence you don't get any indication that your guess was wrong -- you just get the wrong message. Similar idea to a one-time pad; if you use the wrong decryption key you can get any message at all with no indication that it wasn't the right message.

  • by Anonymous Coward
    The system works because the sender and receiver have a direct electrical connection. If you have such a connection, that means that you have an unbroken wire between the two with nothing else connected to the line. You usually don't even get such a connection if you lease cables from the telephone company. The only way such a connection exists is if the wire is owned by the organization that employs the sender and receiver.

    Under the conditions stated above, cryptography isn't very important. The most i
  • Man in the middle (Score:2, Insightful)

    by anwyn ( 266338 )
    This is a secure way to agree to agree on a one-time pad, or other key, but it is subject to man in the middle attacks. How does fred know that it is alice other end of the line switching resistors, or is it darth the man in the middle swiching resistors?
  • by milo_a_wagner ( 1002274 ) <milo@yiannopoulos.net> on Sunday May 27, 2007 @09:19AM (#19291783) Homepage
    SPYING is big business, and avoiding being spied on an even bigger one. So imagine if someone came up with a simple, cheap way of encrypting messages that is almost impossible to hack into? American computer engineer Laszlo Kish at Texas A&M University in College Station claims to have done just that. He says the thermal properties of a simple wire can be exploited to create a secure communications channel, one that outperforms quantum cryptography keys. His cipher device, which he first proposed in 2005, exploits a property called thermal noise. Thermal noise is generated by the natural agitation of electrons within a conductor, which happens regardless of any voltage passed through it. But it does change depending on the conductor's resistance. Kish and his collaborators at the University of Szeged in Hungary say this can be used to securely pass information, or an encryption key, down any wire, including a telephone line or network cable. In their device, both the sender Alice and the receiver Bob have an identical pair of resistors, one producing high resistance, the other low resistance. The higher the total resistance on the line, the greater the thermal noise. Both Alice and Bob randomly choose which resistor to use. A quarter of the time they will both choose the high resistor, producing a lot of noise on the line, while a quarter of the time they will both choose the low resistor, producing little noise. If either detect a high or a low amount of noise in the line, they ignore any communication. Half the time, however, they will choose differently, producing an intermediate level of thermal noise, and it is now that a message can be sent. If Bob turns on his high resistor, and records an intermediate level of noise, he instantly knows that Alice has chosen her low resistor, in essence sending a bit of information such as 1 or 0. Kish's cipher does this many times, sending a random series of 1s and 0s that can form the basis of an encryption key, the researchers say (http://www.arxiv.org/abs/physics/0612153). That message is also secure. For a start, as Kish notes, it takes an "educated eavesdropper" to even realise information is being sent when there seems to be just low-level noise on the line. If they do try to eavesdrop, they can only tell a message is being sent, not what it is, because it's impossible to tell whether Alice has a high or low resistor turned on, and whether the bit of information is a 1 or a 0. What's more, eavesdropping on the line will naturally alter the level of thermal noise, so Alice and Bob will know that someone is listening in. Kish and his team have now successfully built a device that can send a secure message down a wire 2000 kilometres long, much further than the best quantum key distribution (QKD) devices tried so far. Tests show a signal sent via Kish's device is received with 99.98 per cent accuracy, and that a maximum of just 0.19 per cent of the bits sent are vulnerable to eavesdropping. The error rate is down to the inherent resistance of the wire, and choosing a larger wire in future models should help reduce it further. However, this level of security already beats QKD. What's more, the system works with fixed lines, rather than the optical fibres used to carry photons of light at the heart of quantum encryption devices. It is also more robust, as QKD devices are vulnerable to corruption by dust, heat and vibration. It is also much cheaper. "I guess it's around a hundred dollars, at most," Kish says. "This is a system that should be taken seriously," says security specialist Bruce Schneier, who founded network security firm BT Counterpane. He says he was seduced by the simplicity of the idea when it was first proposed by Kish, and now wants to see independent tests of the working model. "I desperately want someone to analyse it," he says. "Assuming it works, it's way better than quantum."
  • Already Broken (Score:5, Informative)

    by Anonymous Coward on Sunday May 27, 2007 @09:28AM (#19291845)
    It can be attacked passively: http://arxiv.org/pdf/physics/0601022 [arxiv.org]
    • The original article was published (and talked about in /., see Related Article link) back in 2005. The paper you cited claiming a break was replied to by the original author, and there have been a number of other papers back and forth since. The technique has credibility. As Bruce Schneier pointed out this technique if it works is no worse than quantum cryptography and is a lot simpler and cheaper, but it has all the other deficiencies of quantum cryptography. The author claims no more than that. He rebuts
  • crappy crappy method (Score:3, Informative)

    by timmarhy ( 659436 ) on Sunday May 27, 2007 @09:30AM (#19291855)
    This can only be applied where there's a direct electrical connection, hence ruling out it's usefulness in any real application. even IF this were applied via some software protocol it does nothing to validate that alice is actually alice and not the feds.
    • by SLi ( 132609 )
      Hard from crappy. Quantum cryptography suffers from that too. However it's unbreakable. Provably so. Without prior exchange of a key as large as the data being transmitted, and the key being used only once, some of the information from the plaintext can be extracted, given enough time or a significant mathematical breakthrough. No matter which crypto you use. Provably so.
      • by SLi ( 132609 )
        Hardly crappy. I'm not sure I want to know what I was thinking when I wrote that.
  • Speed of light? (Score:3, Informative)

    by The New Andy ( 873493 ) on Sunday May 27, 2007 @09:37AM (#19291889) Homepage Journal
    If you had two sniffing devices, one near Alice, one near Bob then I speculate that if the frequency of the devices is high enough then they will be able to tell who had which resistor active.

    This reminds me of another crypto method where the receiver adds noise to the line. The theory is that they know what the noise is, so they can remove it, but Eve can't get it because she doesn't know what the noise was. It falls down under the same attack because the signal is only propagated at the speed of light, not instantaneously.

  • I haven't been able to read the article thanks to the /. effect. However; from the description of the article it seems to rely on analogue connection between two points. In reality how often does this happen these days? Surely most communications are digitised at some point where upon the effects of altering the resistance of the circuit will be removed or at least altered enough not to be useful. You could set up a physical circuit for secure communications, but then it would be possible to listen in u
  • by WhoBeDaPlaya ( 984958 ) on Sunday May 27, 2007 @09:58AM (#19291995) Homepage
    'nuff said :)
    • I was thinking of asking someone to let me know where Alice, Bob and Eve all live. I just bought a job lot of cheap resistors on eBay and I need to unload 'em in a hurry...
  • Why not use randomly generated numbers,and insert data into the stream using its own contents as location pointer?(which i did with some ciphers http://www.invisionplus.net/forums/index.php?mforu m=stormtower&showtopic=5 [invisionplus.net] )
    • by Twinkle ( 84777 )
      Random or pseudo-random? If the latter, all the PRNG's I know of are far weaker than all the cipher algorithms I know of. There's probably a good reason why this idea isn't seen in commercially deployed secure solutions.
    • by Goaway ( 82658 )
      Anybody can create a cipher they themselves cannot crack. Did you do any real cryptanalysis of that system?
      • Of course not.Its boring and and i don't like to waste time.I wrote all of them in a week,inspired by bifid cipher system.Now i just don't care about them.Since i don't have the skills to write encryption programs,i can't implement them.And manual encryption,decryption etc takes too much time.
  • by udippel ( 562132 ) on Sunday May 27, 2007 @10:10AM (#19292075)
    ... or better: is Kish any electrical engineer ?
    To me, this whole matter with his formulae of the noise of a resistor is just hocus pocus; as much as the math is correct. But any reasonable electrical engineer knows these ...
    What Kish rather seems to propose, is the injection of noise into a link; noise at two levels, nevermind if they are derived from a resistor, short-circuited or not, or any other noise generator.

    Over. What he then says is the following:
    If Alice sends high noise level ('H'), Bob will send low ('L') noise level; and vice versa.
    The man-in-the-middle will have tri-state noise: LL,LH/HL,HH. LL and HH are out. The assumption in that paper, hidden behind a lot of barrage, is: LH and HL will appear identical to the eaves-dropper. Alice. however, when sending L, can pass an information quantum (since Bob will switch to H, knowing Alice sends L); while Alice sending H, Bob will switch to L, knowing Alice sends H).
    The theory of Kish is, that Eve will have no clue if she intercepts HL or LH. Which only works in theory.
    Because any electrical engineer deserving his title will tell you that those sources won't produce noise of identical spectrum in the first place. Therefore, the spectra will change, giving you a sequence of jumps. The maximum you have to do is toggling ... . Furthermore, if Eve1 and Eve2 listen in a distance of only a few meters, they can auto-correlate the signal(s) and find the direction from which it travels. No, that is even simple, because the levels - as we know - are H and L. So the autocorrelation of H can be found out without much ado; either H travels right-to-left or left-to-right. Voilà. L doesn't disturb the autocorrelation function. Along the line, any line, higher spectral components are reduced; another rule all electrical engineers know: any practical system is by default a lowpass. When Eve1 and Eve2 simply record the signal, close to Alice and close to Bob, they can find out where the higher spectral components are to be found. Meaning, the sender of H is known.

    Much ado about nothing, me thinks ...
    • Re: (Score:3, Insightful)

      by jmv ( 93421 )
      Furthermore, if Eve1 and Eve2 listen in a distance of only a few meters, they can auto-correlate the signal(s) and find the direction from which it travels.

      Not even a need to auto-correlate. If you measure both the current and voltage in one point of the transmission line, you can figure out which way the signals are going. On top of that problem, I can't really see that method scale in the Gbps, while I can easily imagine the single-photon methods scaling that high.
  • by grumbel ( 592662 ) <grumbel+slashdot@gmail.com> on Sunday May 27, 2007 @10:10AM (#19292077) Homepage
    What would this or quantum cryptography be good for in practical terms? From what I understand they only work for a single connection, i.e. when Alice wants to talk to Bob they have to have a wire running from one to another. Which means that range is rather limited and it also means it would be easy to attack. Somebody could simply cut the wire and thus forcing Alice and Bob to fall back to other insecure means of communication or to not communicate at all.

    Are there ways to use these secure channels to build a real redundant network where traffic could be rerouted when lines fail? Or would the routers end up being the weak spot? Making it just as insecure as every other network?

    Are there any other types of uses where those connections might be useful or are they no more theoretical toys?
    • by evilviper ( 135110 ) on Sunday May 27, 2007 @10:56AM (#19292401) Journal

      What would this or quantum cryptography be good for in practical terms?

      Two offices, say, across town, that want to communicate very securely.

      Somebody could simply cut the wire and thus forcing Alice and Bob to [...] not communicate at all.

      When would that possibly be a problem? That would basically require some strange situation with a totalitarian government that wants to disrupt communications between two end points, but apparently doesn't actually want to get access to the unencrypted information itself.

      If it's just some rival company trying to disrupt service, a line crew goes out, fixes the line, and they're back up and running before they even want/need to change the encryption key.

      And what would be the point, since you could just as easily cut the other communications lines (eg. OC3s), the power lines, etc., etc.
      • Re: (Score:3, Insightful)

        by grumbel ( 592662 )
        ### When would that possibly be a problem? That would basically require some strange situation with a totalitarian government that wants to disrupt communications between two end points, but apparently doesn't actually want to get access to the unencrypted information itself.

        The point is: When I disrupt your valuable crypto channel long enough you simply can't use it and have to fall back to other means of less secure means of communication which I then can intercept.

        ### And what would be the point, since y
        • When I disrupt your valuable crypto channel long enough you simply can't use it and have to fall back to other means of less secure means of communication which I then can intercept.

          Yeah, you said that the first time, and I responded: "a line crew goes out, fixes the line, and they're back up and running before they even want/need to change the encryption key."

          Other lines of communication can be easily made redundant, since they don't have to directly go from A to B.

          No, they actually have to directly go fr

      • Hey, if the two offices want to communicate very securely, why don't they just generate a key of sufficient length and send it across town on a physical medium? They could even just use PKC and call each other to verify the hashes. I think this is too much trouble for too little gain...
        • Hey, if the two offices want to communicate very securely, why don't they just generate a key of sufficient length and send it across town on a physical medium?

          It's hard to prove that the physical medium wasn't quietly intercepted. Quantum is provably secure.

          That also doesn't allow frequent key changes, and after a short while the quantum link should be less expensive than physically sending people across town.

          They could even just use PKC and call each other to verify the hashes.

          Public-key isn't fast or in

          • You don't have to transmit anything to verify a public key. Hell, you could put its hash out on the internet. It only serves to tie an actual person to the key one has, to make sure there hasn't been a man-in-the-middle attack. As for speed, that's why you encrypt one-time keys with PKC and then use symmetric cryptography with that key. It's how PGP/GPG work.

  • I'm pretty sure this is how the cosmic microwave background radiation [wikipedia.org] is generated.

    ~kulakovich
  • by MajorBlunder ( 114448 ) on Sunday May 27, 2007 @10:39AM (#19292283)
    The result could be an effectively impenetrable way of securing communications, possibly outperforming quantum cryptography keys.

    When I read this, I had a flash back to a Dr. Who episode.(paraphrasing)

    Army General: Trust me doctor this place is impenetrable.

    Doctor: The problem with impenetrable is that it sounds too much like unsinkable.

    Army General: Well whats wrong with that?

    Doctor: Ask the passengers of the Titanic.

    I always get a little bit itchy whenever people start throwing superlatives around like unbreakable, impenetrable, etc. Nature, Human ingenuity, or Human stupidity all have a nasty habit of proving us wrong.

  • by Anonymous Coward
    FTA the reasoning is: "...

    [a] it takes an "educated eavesdropper" to even realise information is being sent when there seems to be just low-level noise on the line.

    [b] If they do try to eavesdrop, they can only tell a message is being sent, not what it is, because it's impossible to tell whether Alice has a high or low resistor turned on, and whether the bit of information is a 1 or a 0.

    [c] What's more, eavesdropping on the line will naturally alter the level of thermal noise, so Alice and Bob will know tha
    • by mark-t ( 151149 )
      Actually 'b' is okay... because whenever there is an intermediate level of thermal noise, all a person eavesdropping is going to know is that the two sides picked different resistors for that bit, but he cannot ever know for sure which side picked what, because either side may switch resistors at any time. But each side will know what the other picked because it's just the opposite of their own for that particular bit. Whenever they pick the same resistor, by my understanding it would be roughly the same

  • This looks interesting, great. But as long as we're in the "what is better than what" game, how is this any better than one-time pad?

    If you're going to go to the work of putting down a single, dedicated wire with two fixed endpoints - it would seem a lot easier for Alice and Bob to just meet, generate 2 identical random pads (with current disks, 1TB is easy) an then Alice and Bob communicate securely until they meet next. Done.

    Seriously, what keeps an attacker from just cutting the wire? Poof! no more ch
  • At being hyped beyond its true usefulness!

    I belive congrats are in order.

    TLF
  • I have a real problem understanding all this. Maybe my knowledge of crypto is flawed (most likely), or I simply did not understand this technique.
    Crypto, from my point of view, faces 2 main problems:

    1) The safe transmission of the key
    2) The computational power to encode/decode the message

    Asymmetric cryptography solves the first problem, while with symmetric cryptography, the second problem is much smaller.

    To "solve" both, we have things like what is used with HTTPS. You first use asymmetric to transmit a sy
    • Consider how your approach differs from what's usually considered ideal (or at least very close): one time pads. The key is used once and there's no way to show that any decryption is more valid than another. This is of course unsuitable for the internet and other places where communication are never trustworthy. HTTPS' approach to this doesn't solve the problem, it delays it. It's computationally expensive yes, but possible. Suitable at the moment for consumer technologies like banking, but long term, quan
      • by morcego ( 260031 )
        Lemme see if I follow you.

        What you pointed about HTTPS, lets call it "key reusability", is not really an issue. I'm not exactly sure about HTTPS, but many other symmetric/asymmetric situations I've studied you get the a new symmetric key negotiated from time to time. So your time to find out what that key is, and still be able to use it, is pretty short. Lets say 60 seconds, which is a pretty short time to break a 128 key.

        So, you are pointing out we have a low speed (or high cost) fixed secure channel and,
  • Hmm, that may have been useful 50 years ago. It is somewhat like discoving a new way to make stone axe.
  • Hmm, my intuition immediately says this won't work for reason or another.
    I haven't yet seen a compelling argument why it won't work in all its simplicity, but I'm positive it's BS. My intuition seldomly fails when talking about matters I think I understand (...I Think...).

    (Random rambling)
    Eve has a probe in the line. It attaches to the line near Alice and Bob. It is effectively very big resistor and a small power source, which circulates small current through the wires and his own resistor. Now, Alice attac
  • Neal Stephenson wrote about a similar method in Cryptonomicon. Something about using music to mask communications sent over radio. The sender plays music and masks the information being sent. The receiver knows what music it is and can play it to 'cancel out' the broadcast music leaving behind just the message. Or something like that.

  • Lets see, I hook an ammeter up around the wire at any point. I get three current levels. 2xHighREsistance = low current, 2xLowResistance = high current, HighAndLowResistance = medium current.

    So I have a 50% chance of knowing a bit with absolute certainty, so you can only use the bits generated when the resisters are mismatched by knowing that I used High, so they used Low.

    Now, if they are using DC it is infinitely easy to tell who used low and who used high by the amount of voltage drop.

    If they are using
  • Not only does this not add any new information to the 2005 /. article [slashdot.org], it also leaves out all the discussion that happened last time.

    Specifically, some Slashdotters pointed out that, due to the speed of light, Eve can tap the line in two places at once and watch the "instant" change in the circuit propagate from sender to receiver. You don't even need a full man-in-the-middle to crack this.

    • Oh, and I should add that the new article rather misrepresents what Bruce Schneier said about the system when it last made the rounds. Bruce's point was that, although it's a clunky and horrible system, quantum crypto is slightly more clunky and horrible. Therefore, on the off chance that it happens to be secure — Bruce didn't say one way or another, since he doesn't know enough physics to analyze it — it might make a good substitute.

Don't tell me how hard you work. Tell me how much you get done. -- James J. Ling

Working...