ACTUALLY, quantum computing does more than just halve the effective key length. With classical computing, the resources required to attack a given key grow exponentially with key length. (a 128-bit key has 2^128 possibilities, 129 has 2^129, etc. etc. you all know this...) With quantum computing, however, the complexity of an attack grows only polynomially. Hence a MUCH MUCH more agreeable time frame for brute force attacks. Good stuff, eh? ~SAM
> From: "Trei, Peter" <[EMAIL PROTECTED]>
> Date: Wed, 16 Oct 2002 14:50:03 -0400
> To: David Howe <[EMAIL PROTECTED]>, "Email List: Cypherpunks" <[EMAIL PROTECTED]>, "'David E. Weekly'" <[EMAIL PROTECTED]>
> Subject: RE: One time pads
>
>> David E. Weekly[SMTP:[EMAIL PROTECTED]]
>>
>> Naive question here, but what if you made multiple one time pads (XORing
>> them all together to get your "true key") and then sent the different pads
>> via different mechanisms (one via FedEx, one via secure courier, one via
>> your best friend)? Unless *all* were compromised, the combined key would
>> still be secure.
>>
>> As for PKI being secure for 20,000 years, it sure as hell won't be if those
>> million-qubit prototypes turn out to be worth their salt. Think more like
>> 5-10 years. In fact, just about everything except for OTP solutions will be
>> totally, totally fucked. Which means that you should start thinking about
>> using OTP *now* if you have secrets you'd like to keep past when an
>> adversary of yours might have access to a quantum computer. I'd put 50 years
>> as an upper bound on that, 5 years as a lower.
>>
>> -d
>>
> Not quite right. My understanding is that quantum
> computing can effectively halve the length of a
> symmetric key, but that does not take it down to zero.
>
> Thus, a 256 bit key would, in a QC world, be as secure
> as a 128 bit key today, which is to say, pretty good.
>
> It's the asymmetric algorithms which have problems.
>
> Peter
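The XOR-split pad idea in David Weekly's message, worked through as an added example (this code was not posted by anyone in the thread): the real pad is the XOR of several independently shipped shares, and the function at the end shows why any n-1 shares are consistent with every possible plaintext, so an adversary needs all of them. The share count, share values and message below are constructed for illustration.

```python
import secrets
from functools import reduce


def xor_bytes(*parts: bytes) -> bytes:
    """XOR any number of equal-length byte strings together."""
    length = len(parts[0])
    if any(len(p) != length for p in parts):
        raise ValueError("all parts must have the same length")
    return bytes(reduce(lambda a, b: a ^ b, column) for column in zip(*parts))


def make_pad_shares(n_shares: int, length: int) -> list[bytes]:
    """n independent, uniformly random pads, one per delivery channel
    (the channel split itself is hypothetical; the thread names none)."""
    if n_shares < 1:
        raise ValueError("need at least one share")
    return [secrets.token_bytes(length) for _ in range(n_shares)]


def combine_shares(shares: list[bytes]) -> bytes:
    """The 'true key' is the XOR of every share."""
    return xor_bytes(*shares)


def otp_xor(pad: bytes, data: bytes) -> bytes:
    """One-time pad: the same XOR both encrypts and decrypts.
    The pad must be exactly as long as the data and must never be reused."""
    if len(pad) != len(data):
        raise ValueError("pad must match message length")
    return xor_bytes(pad, data)


def missing_share_for(known_shares: list[bytes], ciphertext: bytes,
                      candidate_plaintext: bytes) -> bytes:
    """Value the one unseen share would need to have for `ciphertext` to
    decrypt to `candidate_plaintext`. Such a value exists for every
    candidate, so holding all but one share reveals nothing about the message."""
    return xor_bytes(ciphertext, candidate_plaintext, *known_shares)


# Constructed sample: three tiny shares and a two-byte message.
SAMPLE_SHARES = [b"\x01\x02", b"\xf0\x0f", b"\xaa\x55"]
SAMPLE_MESSAGE = b"hi"


def demo() -> bytes:
    """Combine the sample shares and encrypt the sample message."""
    return otp_xor(combine_shares(SAMPLE_SHARES), SAMPLE_MESSAGE)
```

The same construction generalises to any number of shares, which is what `make_pad_shares` produces for real use.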