Bank transfer via quantum crypto

Ivan Krstic ccikrs1 at cranbrook.edu
Sun May 9 00:16:53 EDT 2004 

Apologies for the late response. Finals have a knack for keeping me away 
from the keyboard.

Ian Grigg wrote:
> You are looking at QC from a scientific perspective.
> What is happening is not scientific, but business.

[Points 1..7 snipped]

> Hence, quantum cryptogtaphy.  Cryptographers and
> engineers will recognise that this is a pure FUD
> play.  But, QC is cool, and only cool sells.  

See, this is what's scary to me: the cool being what sells is an 
indication that PHBs, instead of technically capable people, are making 
decisions when it comes to crypto. Maybe this is incredibly obvious to 
the veterans in the field, but it's a disillusionment I prefer not to have.

It reminds me of a guy I know who, every time when asked about his 
software, would rant off the features and conclude with "It also 
features a phase multiplexer." He's never been asked about it. If it 
weren't funny, it'd be sad.

> Where we are now is the start of a new hype
> cycle.  This is to be expected, as the prior
> hype cycle(s) have passed.  PKI has flopped and
> is now known in the customer base (finance
> industry and government) as a disaster.  But,
> these same customers are desparate for solutions,
> and as always are vulnerable to a sales pitch.

This is part of my lack of understanding: I find it impossible to 
believe that - given a market begging for solutions - no one is offering 
high-quality non-QC link encryption boxes. Your points focused on the 
existing situation (particularly in the finance industry) which 
essentially amounts to "people use insecure private telco lines to feel 
secure". The scenario I am missing - and you didn't address - is why 
someone with a little time and understanding doesn't throw together a 
few chips and offer an out-of-the-box crypto tunnel solution (or, if 
there is one, why isn't it catching on?).

What do you really need for a simple point-to-point encryption? Linksys 
makes a $70 wifi router that has a 125MHz MIPS processor, 16 MB RAM + 4 
MB Flash ROM, two 10/100Mbit ethernet controllers, and runs Linux 2.4. 
If someone paid me for a few hours of work, I could probably make a pair 
of *those* do secure link encryption. Rijndael isn't computationally 
expensive, and putting in a few extra bucks would likely afford you 
processing power that could support tank-like (Serpent?) encryption 
transparently.

The way I see this is that there are two options: consumers can entrust 
the security of their data to physics they don't understand, or 
mathematics they don't understand. One of the fundamental differences is 
that the former *no one* understands, and its price reflects that. With 
the latter, well - quite a few people understand the math behind crypto, 
and silicon is cheap these days. So what are people waiting for? Why 
doesn't everyone concerned for their link security have a pair of cheap 
strong crypto devices at both ends?

Cheers,
Ivan

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list