Australia moves to drop some cryptography by 2030 – before quantum carves it up (www.theregister.com)
from vegeta@lemmy.world to technology@lemmy.world on 18 Dec 17:33
https://lemmy.world/post/23283734

#technology

threaded - newest

tkw8@lemm.ee on 18 Dec 17:46 next collapse

… plans emerged last week when the Australian Signals Directorate (ASD) published guidance for High Assurance Cryptographic Equipment (HACE) – devices that send and/or receive sensitive information – that calls for disallowing the cryptographic algorithms SHA-256, RSA, ECDSA and ECDH, among others, by the end of this decade.

With regard to the algorithms used to hash data – particularly SHA-224 and SHA-256 – Buchanan expressed surprise that neither will be approved for use beyond 2030.

“The migration within five years will not be easy, as every single web connection currently uses ECDH and RSA/ECDSA,” he wrote. “These methods are also used for many other parts of a secure infrastructure.”

Looks like we could be in for interesting times.

Voroxpete@sh.itjust.works on 18 Dec 17:55 next collapse

The notion that quantum computing will make encryption useless anytime in the near future is a wild fantasy.

Yes, the potential exists that a fully realized version of quantum computing might do this. If such a thing actually ends up existing anytime soon. That is a big if. Right now we’re still very much in the “Working out if this is even feasible” stage.

Even if fully realized quantum computers become a thing, and do all the things we want them to do, we’ll be decades away from having enough of them to be able to apply quantum compute time to any random conversation on the off chance it contains something important. That’s like fishing by hocking gold bars into the ocean in the hopes that one of them hits a fish on the way down.

TimeSquirrel@kbin.melroy.org on 18 Dec 19:22 next collapse

Also getting tired of people associating the word "quantum" with futuristic or extremely advanced, thinking somehow they will supercharge AI or something.

All it means is the idea that everything is discrete packets of energy, or "quanta", existing in various fields. It's a mathematical model to describe what we see. That's it.

Voroxpete@sh.itjust.works on 18 Dec 20:09 next collapse

In the case of quantum computing, there is a real meaning to it (in really vague terms, its computing using the suoerposition of quantum states to collapse extraordinarily complex problems down to a single answer). The problem rather is that right now companies are eagerly hyping this tech as being “just around the corner” when it’s nothing of the sort (unless a bunch of massive breakthroughs suddenly turn up).

vane@lemmy.world on 18 Dec 21:37 collapse

I think that’s enough to be honest because reality exists only when we look at it.

Thekingoflorda@lemmy.world on 19 Dec 06:30 next collapse

It doesn’t really matter that it’s still a long time away, once it arrives all previous messages could potentially be decrypted. Messages can be intercepted and stored, and I would bet a lot that an organization like the NSA does this. Feels to me like it’s more of a better be safe them sorry thing.

Voroxpete@sh.itjust.works on 19 Dec 11:10 next collapse

Again, what you’re not clocking here is that it will be a very, very long time before we have sufficient quantum compute time available to engage in large scale decryption. Even just getting to the point where they can decrypt all newly generated messages will be a long time. By that point you’d have decades of historical messages to did through.

Barring some wild, out of nowhere leap forward in the feasibility, scalability and affordability of the tech, you’ll be dead by the time the NSA gets around to reading your old messages.

Thekingoflorda@lemmy.world on 19 Dec 11:31 collapse

But they don’t have to dig trough all messages though. They can target specific people or organizations. And the fact that there is a possibility that this happens within the next 50 years, is a concern for spy agencies and other organizations with sensitive data.

futatorius@lemm.ee on 19 Dec 13:26 collapse

There are encyption methods in existence that are resistant to any likely implementation of quantum computing as it’s now understood. It may be that, in the future, quantum computing is developed to be better able to crack those ciphers, but it’s equally likely that other methods of encryption will be developed that are even more resistant to quantum cracking.

drosophila@lemmy.blahaj.zone on 19 Dec 06:57 next collapse

Even if it takes 100+ years for quantum cryptanalysis to become viable I would rather we start switching over to better algorithms now.

fmstrat@lemmy.nowsci.com on 19 Dec 13:39 collapse

It’s the specifics that matter though. IF this happens, it won’t be “random conversations”. It will be decrypting Zcash purchases, or specific VPN sessions. It’s the reason national defense communication goes through air gapped lines, future proofs against those targeted methods.

7rokhym@lemmy.ca on 18 Dec 23:04 collapse

“With regard to the algorithms used to hash data – particularly SHA-224 and SHA-256 – Buchanan expressed surprise that neither will be approved for use beyond 2030.”

Sounds like corruption to me. Hey gov’t pal, let’s make crazy requirements for security due to a quantum boogyman so I can sell you consultants and all new equipment with insane processing capabilities for a shit ton of money. Look for the greasy palms.

Decades of research and we are at 100 qbits and estimates are bouncing around that estimate it will take millions. Once we build them, job #1 will be reading government email?

Maybe, but it’s a lot easier just to use backdoors, software bugs, spies, and good ol’ bribes.