[cryptography] Well, that's depressing. Now what?

ianG iang at iang.org
Fri Jan 27 21:46:26 EST 2012

On 28/01/12 12:22 PM, Noon Silk wrote:
> On Sat, Jan 28, 2012 at 6:01 AM, Steven Bellovin<smb at cs.columbia.edu>  wrote:
>>> Or at least that's what everyone thought. More recently, various groups have begun to focus on
>>> a fly in the ointment: the practical implementation of this process. While quantum key distribution
>>> offers perfect security in practice, the devices used to send quantum messages are inevitably
>>> imperfect.
>> This is only surprising if you assume large values of "everyone".  Anyone in the real world has
>> long since worried about implementations.  Remember Bob Morris' Rule 1 of cryptanalysis: check
>> for plaintext.  (http://www.ieee-security.org/Cipher/ConfReports/conf-rep-Crypto95.html)
> So why didn't one of these "real world" people point this out, to
> researchers? It's a bit too easy to claim something as obvious when
> someone just told you.

Real world issues were frequently pointed out, but this isn't a real 
world project, and real world ears weren't listening.

Quantum encryption is an unholy alliance between vulture funders who 
want some scary wonderful box to sell, physicists who need funding to 
play with really sexy ideas, and government who get tickled pink at the 
idea that their scientists are on the cutting edge of society.

They just all come together with the same goal, but different interests.

It is a mistake to think this is about encryption.  As is pointed out 
frequently, we can do more or less the same thing with SSL.

It is ... sadly the case that the market for security is not a real 
market in the sense of good information symmetrically held by all. 
Instead it is a market in silver bullets (google).  This is just another 
silver bullet.


More information about the cryptography mailing list