[cryptography] Well, that's depressing. Now what?

ianG iang at iang.org
Sat Jan 28 19:31:25 EST 2012


On 29/01/12 10:45 AM, Noon Silk wrote:

>  ... it's not sensible to say "QKD is snake
> oil", without direct reference to something.


Well, if you don't like the conclusion, there are books written on how 
to attack it :) that doesn't mean much tho.

QKD is snake oil because it achieves a benefit over other techniques 
that is marginal, unreliable, unproven, and costs a hell of a lot of money.

The notion that you can spot someone fiddling with your packets is 
marketing blather, in the scheme of things.  In the real world, this 
will generally be interpreted as faulty equipment (insert some bayesian 
statistics here) so you can't rely on it being a feature that delivers 
value.  If you want more, think about an aggressive attacker ... all 
he's got to do is put a wiretap on the fibre, futze with the packets 
enough until you get sick of it, and then you'll change it all because 
you can't deal with it.

And, as the existing product out there provides pretty solid key 
exchange for zero cost, relatively speaking, what's the point in paying 
megabucks for it?  QKD has to do something pretty remarkable make it 
worth all those dollars, and what it does isn't nearly interesting enough.

It's straight forward economics, really.

iang



More information about the cryptography mailing list