At 09:20 PM 10/16/2002 -0400, Sam Ritchie wrote:
ACTUALLY, quantum computing does more than just halve the effective key length. With classical computing, the resources required to attack a given key grow exponentially with key length. (a 128-bit key has 2^128 possibilities, 129 has 2^129, etc. etc. you all know this...) With quantum computing, however, the complexity of an attack grows only polynomially. Hence a MUCH MUCH more agreeable time frame for brute force attacks. Good stuff, eh?
The speed of quantum computing depends on the algorithm - it's generally believed that for some problems, like factoring, you can hypothetically get a hypothetically-precise-enough quantum computer to resolve in polynomial time instead of exponential, subject to a variety of caveats I don't pretend to understand, but for many other problems they're only cutting the effective number of bits in half (which is still exponentially faster than brute-force, but not *enough* exponentially faster), and for other problems they may not be a match at all. So Peter Trei's assertion that it's really only a big impact on asymmetric cryptosystems, and a much smaller impact on symmetric, is one layer deeper description than yours, and it's something that does still leave us with practical ways to use cryptography that don't include briefcases and handcuffs. Myself, I'd rather hang out at Delphi waiting for the stoned babe to give out the correct answers.... :-) ("If you use the right key, a great kingdom will fall...")