… plans emerged last week when the Australian Signals Directorate (ASD) published guidance for High Assurance Cryptographic Equipment (HACE) – devices that send and/or receive sensitive information – that calls for disallowing the cryptographic algorithms SHA-256, RSA, ECDSA and ECDH, among others, by the end of this decade.
With regard to the algorithms used to hash data – particularly SHA-224 and SHA-256 – Buchanan expressed surprise that neither will be approved for use beyond 2030.
“The migration within five years will not be easy, as every single web connection currently uses ECDH and RSA/ECDSA,” he wrote. “These methods are also used for many other parts of a secure infrastructure.”
Looks like we could be in for interesting times.
Voroxpete@sh.itjust.works
on 18 Dec 17:55
nextcollapse
The notion that quantum computing will make encryption useless anytime in the near future is a wild fantasy.
Yes, the potential exists that a fully realized version of quantum computing might do this. If such a thing actually ends up existing anytime soon. That is a big if. Right now we’re still very much in the “Working out if this is even feasible” stage.
Even if fully realized quantum computers become a thing, and do all the things we want them to do, we’ll be decades away from having enough of them to be able to apply quantum compute time to any random conversation on the off chance it contains something important. That’s like fishing by hocking gold bars into the ocean in the hopes that one of them hits a fish on the way down.
TimeSquirrel@kbin.melroy.org
on 18 Dec 19:22
nextcollapse
Also getting tired of people associating the word "quantum" with futuristic or extremely advanced, thinking somehow they will supercharge AI or something.
All it means is the idea that everything is discrete packets of energy, or "quanta", existing in various fields. It's a mathematical model to describe what we see. That's it.
Voroxpete@sh.itjust.works
on 18 Dec 20:09
nextcollapse
In the case of quantum computing, there is a real meaning to it (in really vague terms, its computing using the suoerposition of quantum states to collapse extraordinarily complex problems down to a single answer). The problem rather is that right now companies are eagerly hyping this tech as being “just around the corner” when it’s nothing of the sort (unless a bunch of massive breakthroughs suddenly turn up).
I think that’s enough to be honest because reality exists only when we look at it.
Thekingoflorda@lemmy.world
on 19 Dec 06:30
nextcollapse
It doesn’t really matter that it’s still a long time away, once it arrives all previous messages could potentially be decrypted.
Messages can be intercepted and stored, and I would bet a lot that an organization like the NSA does this.
Feels to me like it’s more of a better be safe them sorry thing.
Voroxpete@sh.itjust.works
on 19 Dec 11:10
nextcollapse
Again, what you’re not clocking here is that it will be a very, very long time before we have sufficient quantum compute time available to engage in large scale decryption. Even just getting to the point where they can decrypt all newly generated messages will be a long time. By that point you’d have decades of historical messages to did through.
Barring some wild, out of nowhere leap forward in the feasibility, scalability and affordability of the tech, you’ll be dead by the time the NSA gets around to reading your old messages.
Thekingoflorda@lemmy.world
on 19 Dec 11:31
collapse
But they don’t have to dig trough all messages though. They can target specific people or organizations. And the fact that there is a possibility that this happens within the next 50 years, is a concern for spy agencies and other organizations with sensitive data.
There are encyption methods in existence that are resistant to any likely implementation of quantum computing as it’s now understood. It may be that, in the future, quantum computing is developed to be better able to crack those ciphers, but it’s equally likely that other methods of encryption will be developed that are even more resistant to quantum cracking.
drosophila@lemmy.blahaj.zone
on 19 Dec 06:57
nextcollapse
Even if it takes 100+ years for quantum cryptanalysis to become viable I would rather we start switching over to better algorithms now.
It’s the specifics that matter though. IF this happens, it won’t be “random conversations”. It will be decrypting Zcash purchases, or specific VPN sessions. It’s the reason national defense communication goes through air gapped lines, future proofs against those targeted methods.
“With regard to the algorithms used to hash data – particularly SHA-224 and SHA-256 – Buchanan expressed surprise that neither will be approved for use beyond 2030.”
Sounds like corruption to me. Hey gov’t pal, let’s make crazy requirements for security due to a quantum boogyman so I can sell you consultants and all new equipment with insane processing capabilities for a shit ton of money. Look for the greasy palms.
Decades of research and we are at 100 qbits and estimates are bouncing around that estimate it will take millions. Once we build them, job #1 will be reading government email?
Maybe, but it’s a lot easier just to use backdoors, software bugs, spies, and good ol’ bribes.
threaded - newest
The notion that quantum computing will make encryption useless anytime in the near future is a wild fantasy.
Yes, the potential exists that a fully realized version of quantum computing might do this. If such a thing actually ends up existing anytime soon. That is a big if. Right now we’re still very much in the “Working out if this is even feasible” stage.
Even if fully realized quantum computers become a thing, and do all the things we want them to do, we’ll be decades away from having enough of them to be able to apply quantum compute time to any random conversation on the off chance it contains something important. That’s like fishing by hocking gold bars into the ocean in the hopes that one of them hits a fish on the way down.
Also getting tired of people associating the word "quantum" with futuristic or extremely advanced, thinking somehow they will supercharge AI or something.
All it means is the idea that everything is discrete packets of energy, or "quanta", existing in various fields. It's a mathematical model to describe what we see. That's it.
In the case of quantum computing, there is a real meaning to it (in really vague terms, its computing using the suoerposition of quantum states to collapse extraordinarily complex problems down to a single answer). The problem rather is that right now companies are eagerly hyping this tech as being “just around the corner” when it’s nothing of the sort (unless a bunch of massive breakthroughs suddenly turn up).
I think that’s enough to be honest because reality exists only when we look at it.
It doesn’t really matter that it’s still a long time away, once it arrives all previous messages could potentially be decrypted. Messages can be intercepted and stored, and I would bet a lot that an organization like the NSA does this. Feels to me like it’s more of a better be safe them sorry thing.
Again, what you’re not clocking here is that it will be a very, very long time before we have sufficient quantum compute time available to engage in large scale decryption. Even just getting to the point where they can decrypt all newly generated messages will be a long time. By that point you’d have decades of historical messages to did through.
Barring some wild, out of nowhere leap forward in the feasibility, scalability and affordability of the tech, you’ll be dead by the time the NSA gets around to reading your old messages.
But they don’t have to dig trough all messages though. They can target specific people or organizations. And the fact that there is a possibility that this happens within the next 50 years, is a concern for spy agencies and other organizations with sensitive data.
There are encyption methods in existence that are resistant to any likely implementation of quantum computing as it’s now understood. It may be that, in the future, quantum computing is developed to be better able to crack those ciphers, but it’s equally likely that other methods of encryption will be developed that are even more resistant to quantum cracking.
Even if it takes 100+ years for quantum cryptanalysis to become viable I would rather we start switching over to better algorithms now.
It’s the specifics that matter though. IF this happens, it won’t be “random conversations”. It will be decrypting Zcash purchases, or specific VPN sessions. It’s the reason national defense communication goes through air gapped lines, future proofs against those targeted methods.
“With regard to the algorithms used to hash data – particularly SHA-224 and SHA-256 – Buchanan expressed surprise that neither will be approved for use beyond 2030.”
Sounds like corruption to me. Hey gov’t pal, let’s make crazy requirements for security due to a quantum boogyman so I can sell you consultants and all new equipment with insane processing capabilities for a shit ton of money. Look for the greasy palms.
Decades of research and we are at 100 qbits and estimates are bouncing around that estimate it will take millions. Once we build them, job #1 will be reading government email?
Maybe, but it’s a lot easier just to use backdoors, software bugs, spies, and good ol’ bribes.