einfach_orangensaft@sh.itjust.works
on 25 Jun 12:27
nextcollapse
“Flaw” yeah sure no “Tailored access road” there…
I kinda always assumed there is something fishy about Meshtastic…
If you depend on a “off grid” communication device…choose a analog radio that has to dumb of hardware to run a exploit (or broadcast your GPS location lmao).
No they don’t “need” help doing that. Quantum resistance is kind of a waste of time considering the largest number factored by these things is 21.
And the known algorithm we halve just square roots the search space on average. So a 256 bit key is still secure. Quantum resistance just seems like another industry scam to try and take us away from well supported open-source stuff.
redsand@lemmy.dbzer0.com
on 25 Jun 23:40
nextcollapse
It’s just math and the relentless march of technology. Fear not, we have lots of open source post quantum cryptography libraries.
InnerScientist@lemmy.world
on 26 Jun 00:32
nextcollapse
From Wikipedia:
Post-quantum cryptography, sometimes referred to as quantum-proof, quantum-safe, or quantum-resistant, is the development of cryptographic algorithms that are currently thought to be secure against a cryptanalytic attack by a quantum computer.
InnerScientist@lemmy.world
on 26 Jun 10:51
collapse
RSA 1024 is post quantum if you want to ignore progress in cryptography and use current algorithms. (We have no quantum computers that can crack it right now)
It’s about preparing for quantum computers by using algorithms that are secure against conventional and future quantum computers. If you assume that a quantum computer will exist that can crack RSA 2048/4096, then all data that gets send right now can be decrypted at that time. If we get working quantum computers in 20 years then in 20 years all banking data, chat messages, emails,… send with RSA today can be compromised.
If we switch to algorithms that don’t get easier to crack with quantum computers then even when they get strong enough nothing will change and only data send with older algorithms can be decrypted.
See also the rest of the Wikipedia article, here a continuation of my previous snippet:
Most widely used public-key algorithms rely on the difficulty of one of three mathematical problems: the integer factorization problem, the discrete logarithm problem or the elliptic-curve discrete logarithm problem. All of these problems could be easily solved on a sufficiently powerful quantum computer running Shor’s algorithm or possibly alternatives.
As of 2024, quantum computers lack the processing power to break widely used cryptographic algorithms; however, because of the length of time required for migration to quantum-safe cryptography, cryptographers are already designing new algorithms to prepare for Y2Q or Q-Day, the day when current algorithms will be vulnerable to quantum computing attacks.
Smokeydope@lemmy.world
on 26 Jun 00:36
nextcollapse
The point in time after the first qbit based supercomputers transitioned from theoretical abstraction to physical proven reality. Thus opening up the can-of-worms of feasabily cracking classical cryptographic encryptions like an egg within human acceptable time frames instead of longer-than-the-universes-lifespan timeframes… Thanks, superposition probability based parallel computations.
Can they? Can they really break RSA 4096? Because the algorithm we have to do that just turns it from 256 bits of entropy to 128, which is still not breakable.
Algorithms. Plural. Shor’s and Grover’s. Nothing public that can break anything in use but progress marches on and governments are always expected to be 5-10 years ahead
Hm. It appears I did not know about Shor’s. :/ sorry.
Although I’m willing to bet that it requires an exponential amount of correction qbits.
JackbyDev@programming.dev
on 26 Jun 21:36
nextcollapse
The idea that people use quantum computers against meshtastic nodes is pretty funny to me. I think meshtastic attracts a certain kind of person who is security minded and maybe even prepper adjacent (like ham radio tends to). That leads to some odd things like worrying about nation states attacking their nodes.
To be clear, I’m not saying better security isn’t worth it, nor am I saying it wouldn’t ever happen, but the idea that folks are hiding things that important on meshtastic is a little silly to me. I think their biggest threat is other hobbyists. Not nation states.
It’s mostly the issue of saving transmissions for later. Very much not a high priority but solid future planning in the face of governments plagiarizing Orwell and Huxley.
threaded - newest
“Flaw” yeah sure no “Tailored access road” there… I kinda always assumed there is something fishy about Meshtastic…
If you depend on a “off grid” communication device…choose a analog radio that has to dumb of hardware to run a exploit (or broadcast your GPS location lmao).
So just no security instead?
??? U can run encryption over Analog links, i dont quite understand your question.
So that’s illegal…
Depends on the frequency band and nation u are in. In the usa on ham radio? yeah not legal. Elsewhere on 11m its the wild west.
I’m pretty sure it’s illegal to encrypt on amateur bands in the USA. I know with certainty it’s illegal in Canada
Good thing that the world isnt just north america.
k
They still need help upgrading the key exchange to be quantum resistant if anyone needs a summer project.
No they don’t “need” help doing that. Quantum resistance is kind of a waste of time considering the largest number factored by these things is 21.
And the known algorithm we halve just square roots the search space on average. So a 256 bit key is still secure. Quantum resistance just seems like another industry scam to try and take us away from well supported open-source stuff.
It’s just math and the relentless march of technology. Fear not, we have lots of open source post quantum cryptography libraries.
Define “post quantum”
From Wikipedia:
Post-quantum cryptography, sometimes referred to as quantum-proof, quantum-safe, or quantum-resistant, is the development of cryptographic algorithms that are currently thought to be secure against a cryptanalytic attack by a quantum computer.
RSA 4096 is post quantum under this definition.
RSA 1024 is post quantum if you want to ignore progress in cryptography and use current algorithms. (We have no quantum computers that can crack it right now)
It’s about preparing for quantum computers by using algorithms that are secure against conventional and future quantum computers. If you assume that a quantum computer will exist that can crack RSA 2048/4096, then all data that gets send right now can be decrypted at that time. If we get working quantum computers in 20 years then in 20 years all banking data, chat messages, emails,… send with RSA today can be compromised.
If we switch to algorithms that don’t get easier to crack with quantum computers then even when they get strong enough nothing will change and only data send with older algorithms can be decrypted.
See also the rest of the Wikipedia article, here a continuation of my previous snippet:
Most widely used public-key algorithms rely on the difficulty of one of three mathematical problems: the integer factorization problem, the discrete logarithm problem or the elliptic-curve discrete logarithm problem. All of these problems could be easily solved on a sufficiently powerful quantum computer running Shor’s algorithm or possibly alternatives.
As of 2024, quantum computers lack the processing power to break widely used cryptographic algorithms; however, because of the length of time required for migration to quantum-safe cryptography, cryptographers are already designing new algorithms to prepare for Y2Q or Q-Day, the day when current algorithms will be vulnerable to quantum computing attacks.
The point in time after the first qbit based supercomputers transitioned from theoretical abstraction to physical proven reality. Thus opening up the can-of-worms of feasabily cracking classical cryptographic encryptions like an egg within human acceptable time frames instead of longer-than-the-universes-lifespan timeframes… Thanks, superposition probability based parallel computations.
After quantum. Algorithms for after a quantum computer can crack what’s current.
Can they? Can they really break RSA 4096? Because the algorithm we have to do that just turns it from 256 bits of entropy to 128, which is still not breakable.
Algorithms. Plural. Shor’s and Grover’s. Nothing public that can break anything in use but progress marches on and governments are always expected to be 5-10 years ahead
Hm. It appears I did not know about Shor’s. :/ sorry.
Although I’m willing to bet that it requires an exponential amount of correction qbits.
The idea that people use quantum computers against meshtastic nodes is pretty funny to me. I think meshtastic attracts a certain kind of person who is security minded and maybe even prepper adjacent (like ham radio tends to). That leads to some odd things like worrying about nation states attacking their nodes.
To be clear, I’m not saying better security isn’t worth it, nor am I saying it wouldn’t ever happen, but the idea that folks are hiding things that important on meshtastic is a little silly to me. I think their biggest threat is other hobbyists. Not nation states.
It’s mostly the issue of saving transmissions for later. Very much not a high priority but solid future planning in the face of governments plagiarizing Orwell and Huxley.
It’s also not that hard to implement. It’s just a slightly different algorithm.
Also it’s not an industry scam - literally the only standard out so far is from NIST.