[cryptography] Well, that's depressing. Now what?

Steven Bellovin smb at cs.columbia.edu
Sat Jan 28 09:23:47 EST 2012


On Jan 27, 2012, at 8:22 PM, Noon Silk wrote:

> On Sat, Jan 28, 2012 at 6:01 AM, Steven Bellovin <smb at cs.columbia.edu> wrote:
>>> 
>>> Or at least that's what everyone thought. More recently, various groups have begun to focus on
>>> a fly in the ointment: the practical implementation of this process. While quantum key distribution
>>> offers perfect security in practice, the devices used to send quantum messages are inevitably
>>> imperfect.
>> 
>> This is only surprising if you assume large values of "everyone".  Anyone in the real world has
>> long since worried about implementations.  Remember Bob Morris' Rule 1 of cryptanalysis: check
>> for plaintext.  (http://www.ieee-security.org/Cipher/ConfReports/conf-rep-Crypto95.html)
> 
> So why didn't one of these "real world" people point this out, to
> researchers? It's a bit too easy to claim something as obvious when
> someone just told you.

https://www.cs.columbia.edu/~smb/blog/2007-06/2007-06-29.html is something I wrote 4.5
years ago.  You'll note that it mentions the issue of sending more than one photon per
bit.  Bruce Schneier has often written on it:

http://www.schneier.com/blog/archives/2010/09/successful_atta.html
http://www.schneier.com/blog/archives/2009/12/quantum_cryptog_1.html
http://www.wired.com/politics/security/commentary/securitymatters/2008/10/securitymatters_1016

If you go to http://www.mail-archive.com/cryptography@metzdowd.com/msg07680.html
you'll see a whole thread that I, among many others, participated in.


		--Steve Bellovin, https://www.cs.columbia.edu/~smb








More information about the cryptography mailing list