silky <michaelsli...@gmail.com> writes: > On Wed, Apr 21, 2010 at 1:31 AM, Perry E. Metzger <pe...@piermont.com> wrote: >> >> Via /., I saw the following article on ever higher speed QKD: >> >> http://www.wired.co.uk/news/archive/2010-04/19/super-secure-data-encryption-gets-faster.aspx >> >> Very interesting physics, but quite useless in the real world. > > Useless now maybe, but it's preparing for a world where RSA is broken > (i.e. quantum computers) and it doesn't require quantum computers; so > it's quite practical, in that sense.
No, it isn't. QKD is useless three different ways. First, AES and other such systems are fine, and the way people break reasonably designed security systems (i.e. not WEP or what have you) is not by attacking the crypto. Second, you can't use QKD on a computer network. It is strictly point to point. Want 200 nodes to talk to each other? Then you need 40,000 fibers, without repeaters, in between the nodes, each with a $10,000 or more piece of equipment at each of the endpoints, for a total cost of hundreds of millions of dollars to do a task ethernet would do for a couple thousand dollars. Third, QKD provides no real security because there is no actual authentication. If someone wants to play man in the middle, nothing stops them. If someone wants to cut the fiber and speak QKD to one endpoint, telling it false information, nothing stops them. You can speak the QKD protocol to both endpoints and no one will be the wiser. So, you need some way of providing privacy and authentication... perhaps a conventional cryptosystem. So, what did QKD provide you with again? There is no point to QKD at all. Perry -- Perry E. Metzger pe...@piermont.com --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com