[cryptography] Well, that's depressing. Now what?
iang at iang.org
Sat Jan 28 19:31:25 EST 2012
On 29/01/12 10:45 AM, Noon Silk wrote:
> ... it's not sensible to say "QKD is snake
> oil", without direct reference to something.
Well, if you don't like the conclusion, there are books written on how
to attack it :) that doesn't mean much tho.
QKD is snake oil because it achieves a benefit over other techniques
that is marginal, unreliable, unproven, and costs a hell of a lot of money.
The notion that you can spot someone fiddling with your packets is
marketing blather, in the scheme of things. In the real world, this
will generally be interpreted as faulty equipment (insert some bayesian
statistics here) so you can't rely on it being a feature that delivers
value. If you want more, think about an aggressive attacker ... all
he's got to do is put a wiretap on the fibre, futze with the packets
enough until you get sick of it, and then you'll change it all because
you can't deal with it.
And, as the existing product out there provides pretty solid key
exchange for zero cost, relatively speaking, what's the point in paying
megabucks for it? QKD has to do something pretty remarkable make it
worth all those dollars, and what it does isn't nearly interesting enough.
It's straight forward economics, really.
More information about the cryptography