Re: First quantum crypto bank transfer
At 01:00 PM 8/21/2004, Florian Weimer wrote:

| However, I still don't believe that quantum cryptography can buy you
| anything but research funding (and probably easier lawful intercept
| because end-to-end encryption is so much harder).

I agree that it doesn't look useful, but lawful intercept is harder, if you're defining that as undetected eavesdropping with possible cooperation of the telco in the middle, because quantum crypto needs end-to-end fiber so there's nothing the telco can help with except installing dark fiber, and the quantum crypto lets you detect eavesdroppers.

On the other hand, at least in the US and probably in Germany, if the government wants the records of a bank's transactions, all they need is the locally-proper paperwork demanding the data, which is a threat model that quantum crypto doesn't help with, especially since the costs of that attack are much lower than tapping quantum fiber transactions.

An intermediate level of weakness is detection of who the bank is communicating with. In the case of quantum crypto, it's simple - just follow the fiber to the other end. But banks are a semi-special case for this threat also, because you know that a bank's headquarters will talk to other buildings belonging to that bank, so it's no information leak...

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: First quantum crypto bank transfer
* Jerrold Leichter:

| Not quite correct, the first bank transfer occurred earlier this year,
| in a PR event arranged by the same group:
|
| http://www.quantenkryptographie.at/rathaus_press.html
|
| However, I still don't believe that quantum cryptography can buy you
| anything but research funding (and probably easier lawful intercept
| because end-to-end encryption is so much harder).
|
| Not to attack you personally - I've heard the same comments from many
| other people - but this is a remarkably parochial attitude.

I'm the last person to argue against basic research, but I'm really against presenting it as if it had direct practical relevance. Basic research should receive government funding, but not based on the false claim that it can secure bank transfers.

| Quantum crypto raises fundamental issues in physics. The interaction of
| information and QM is complex and very poorly understood. No one really
| knows what's possible. This is neat stuff, and really nice research.
| New results are appearing at a rapid pace.

I fully agree. Experimental quantum physics *is* important, but much more from a physics point of view than from a cryptography point of view.

| Will this end up producing something new and useful? Who can say?
| Right now, we're seeing the classic uses for a new technique or
| technology: Solving the old problems in ways that are probably no
| better than the old solutions.

My trouble with quantum key distribution is that at the current stage, the experiments are stunning, but it's snake oil from a cryptography perspective. Have you actually looked at some of the quantum key distribution papers? The ones I examined even lack such a simple thing as a threat model, and as a result, the authors completely miss man-in-the-middle attacks where the attacker splits the fiber into two pieces, runs two instances of the QKD protocol, and reencrypts the communication after key distribution.

| Alternatively, how anyone can have absolute confidence in conventional
| crypto in a week when a surprise attack appears against a widely-fielded
| primitive like MD5 is beyond me. Is our certainty about AES's security
| really any better today than was our certainty about RIPEM - or even
| SHA-0 - was three weeks ago?

If we postulate that man-in-the-middle attacks are non-existent, conventional cryptography is suddenly much stronger, too. 8-)
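To make the man-in-the-middle scenario described in the message above concrete, here is an added Python model; it is not code from the list, nor from any QKD implementation or paper. It abstracts the quantum phase to "both ends of one fibre segment receive the same fresh key, and tapping that segment would be detected", models the classical sifting phase as one constructed transcript, and authenticates that transcript with HMAC-SHA256 under a pre-shared key (a stand-in for the information-theoretic MACs real QKD systems specify). The party names and the functions `run_qkd`, `otp`, `transfer` and `demo` are all assumptions made for this example.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional


@dataclass
class Party:
    """One end of a fibre segment. auth_key is the pre-shared secret used to
    authenticate the classical messages; None means the classical channel
    runs unauthenticated, which is the omission the thread is about."""
    name: str
    auth_key: Optional[bytes] = None


def run_qkd(a: Party, b: Party) -> Optional[bytes]:
    """Toy stand-in for one QKD run between whoever sits at the two ends of a
    fibre segment. Physics hands both ends the same fresh random key; the
    classical phase is one transcript each side sends and, if it holds a
    pre-shared key, tags with HMAC-SHA256. Returns None when a side aborts."""
    raw_key = secrets.token_bytes(32)
    transcript = b"sifted-bases:" + secrets.token_bytes(8)  # constructed stand-in

    def tag(sender: Party) -> Optional[bytes]:
        if sender.auth_key is None:
            return None
        return hmac.new(sender.auth_key, transcript, hashlib.sha256).digest()

    def accept(receiver: Party, peer_tag: Optional[bytes]) -> bool:
        if receiver.auth_key is None:
            return True   # unauthenticated channel: any peer is accepted
        if peer_tag is None:
            return False  # peer cannot authenticate: abort the session
        expected = hmac.new(receiver.auth_key, transcript, hashlib.sha256).digest()
        return hmac.compare_digest(expected, peer_tag)

    if accept(b, tag(a)) and accept(a, tag(b)):
        return raw_key
    return None


def otp(key: bytes, data: bytes) -> bytes:
    """One-time pad under the distributed key (messages must fit the key)."""
    assert len(data) <= len(key)
    return bytes(k ^ d for k, d in zip(key, data))


def transfer(alice: Party, bob: Party, mallory: Optional[Party] = None,
             plaintext: bytes = b"PAY 100 EUR TO ACCT 42") -> dict:
    """Run key distribution and send one encrypted message. If mallory is
    given, she has cut the fibre and terminates a QKD session on each piece."""
    result = {"aborted": False, "bob_read_plaintext": False,
              "mallory_read_plaintext": False}
    if mallory is None:
        key = run_qkd(alice, bob)
        if key is None:
            result["aborted"] = True
            return result
        ct = otp(key, plaintext)
        result["bob_read_plaintext"] = otp(key, ct) == plaintext
        return result

    k_alice = run_qkd(alice, mallory)  # Mallory plays Bob on Alice's segment
    k_bob = run_qkd(mallory, bob)      # and plays Alice on Bob's segment
    if k_alice is None or k_bob is None:
        result["aborted"] = True
        return result
    ct1 = otp(k_alice, plaintext)
    seen = otp(k_alice, ct1)           # Mallory holds k_alice, so she decrypts
    result["mallory_read_plaintext"] = seen == plaintext
    ct2 = otp(k_bob, seen)             # and re-encrypts towards Bob under k_bob
    result["bob_read_plaintext"] = otp(k_bob, ct2) == plaintext
    return result


def demo(authenticated: bool, with_mitm: bool) -> dict:
    """Four cases: classical channel authenticated or not, fibre cut or not."""
    psk = secrets.token_bytes(16) if authenticated else None
    alice, bob = Party("alice", psk), Party("bob", psk)
    mallory = Party("mallory") if with_mitm else None  # holds no pre-shared key
    return transfer(alice, bob, mallory)


if __name__ == "__main__":
    for auth in (False, True):
        for mitm in (False, True):
            print(f"authenticated={auth} mitm={mitm}: {demo(auth, mitm)}")
```

Without a pre-shared authentication key both of Mallory's sessions complete, Bob decrypts the message correctly, and neither fibre segment registers an eavesdropper, because Mallory is a legitimate endpoint of each segment rather than a tap on it. With the key, the session on Alice's segment aborts at the first classical message Mallory cannot tag. This is the authenticated classical channel that QKD protocols assume, and it has to be bootstrapped from a pre-shared secret or from conventional cryptography.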
Re: Microsoft .NET PRNG (fwd)
Anton Stiglic wrote:

| There is some detail in the FIPS 140 security policy of Microsoft's
| cryptographic provider, for Windows XP and Windows 2000. See for
| example http://csrc.nist.gov/cryptval/140-1/140sp/140sp238.pdf where
| they say the RNG is based on FIPS 186 RNG using SHS. The seed is based
| on the collection of a lot of data, enumerated in the security policy.
|
| I would guess that what is written is true, lest NIST would look very
| bad if someone reverse engineered the code and showed that what they
| certified was wrong. So based on that it would seem that the PRNG in
| recent Microsoft cryptographic providers is o.k.

That's if you think FIPS 186 is OK, which by many standards, it is not (I had occasion to look at it closely when doing FIPS 140 for OpenSSL).

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff