Quantum Crypto

Perry E.Metzger perry at piermont.com
Sat Dec 20 09:50:34 EST 2003 

John Lowry <jlowry at charter.net> writes:
> Perry is absolutely right.
> There is no point in pursuing this.
> It might even be analogous to what we now know about computers.
> We were warned that there would never be a need for more than
> A half-dozen - after all, they were extremely expensive just to get
> A few more digits in the logarithm table ...  Thank goodness that we stopped
> those wasteful government research efforts and put money into improving
> analog mechanical desktop calculators - which is all anyone ever needed
> anyway.  ;-)

Your amusing banter aside, my point remains. QCrypto doesn't solve any
problems that anyone has in the real world -- everything it can do can
be done far more cheaply and indeed far better by other means -- so it
is a large expense that serves no purpose.

I know of no company using something like AES+HMAC for link security
that has had its cryptographically secured communications successfully
attacked by cryptanalysis* -- and AES is free, and running it is nearly
free. On the other hand, I know of lots of companies that have had
problems because they haven't thought out their remote access systems
well or because they are running software vulnerable to buffer
overflows. The issue is not that we need "unbreakable crypto" -- we
already have it for practical purposes. The issue is that our systems
are not built robustly.

> Please don't dismiss what is really a very new research area with unknown
> potential -

This is not an issue of "unknown potential" -- we know what the
systems being marketed do. They have specifications and user manuals.

I would never suggest that people stop research, of course, but it
seems that QCrypto is not a solution to any real world problem.

Perry

*By this, I don't include things like "the key management algorithm
 only used all ones as the key" -- I mean legitimate attacks against
 AES etc.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list