[Cryptography] Why Quantum Cryptanalysis is Bollocks
efc at disroot.org
efc at disroot.org
Tue Aug 6 06:06:30 EDT 2024
On Sun, 4 Aug 2024, Bill Stewart wrote:
> On 7/31/2024 8:13 PM, Peter Gutmann wrote:
>> I've just posted the draft slides for a talk with the above title, which
>> also
>> happens to perfectly summarise its contents, to:
>>
>> http://www.cs.auckland.ac.nz/~pgut001/pubs/bollocks.pdf
>>
>> I'd be interested in any comments/feedback/whatever people might have on
>> this.
>
> XKCD #538 "Hit him with this $5 wrench" decryption is still valid for
> post-quantum encryption algorithms.
> https://www.explainxkcd.com/wiki/index.php/538:_Security
>
I enjoyed the talk. The strongest message for me was that of simplicity
which mirrors my own experience. When I see integration pipelines, vast
kubernetes clusters, reliance on 10+ cloud services and remote api:s, web
based password managers etc. I say to myself that security incidents will
happen and that it is just a matter of time. No single employee of the
company has a complete view of the connections, interactions and
dependencies. Those are spread over many companies all over the world.
To contrast that, I enjoy building classic solutions, where software is
hosted on a few big servers, protected by certificates and keeping the
attack surface small.
Yes, I am not a FAANG engineer, but run my own small consulting company,
and I have never had a security incident with any of my solutions so far.
The slide about the embedded engineers resonated the most with
me. I think the talk was good and I agree with the opinion of the author
and would love to see a more "back to basics" approach to how we design
modern systems and applications.
More information about the cryptography
mailing list