/. is running yet another story on quantum cryptography today, with the usual breathless hype: http://science.slashdot.org/article.pl?sid=04/04/12/133623 I'm especially unimpressed with the "Does this spell the end of the field of cryptography?" comment. For those who don't know much about what it is, "Quantum Cryptography" is a very expensive way of producing an unauthenticated link encryption device. It is useless for any application other than link encryption over a short distance and requires a dedicated optical fiber to work. QC has no properties that render it especially better for link encryption than, say, a box from one of several vendors running AES on the link instead. It is perhaps theoretically safer, but in practice no one is going to break AES either -- they're going to bribe the minimum wage guard at your colo to have 20 minutes alone with your box while they install a tap on the clear side of it (or worse, they'll slip in while the guard is asleep at his desk.) QC still requires link authentication (lest someone else other than the people you think you're talking to terminate your fiber instead). As a result of this, you can't really get rid of key management, so QC isn't going to buy you freedom from that. QC can only run over a dedicated fiber over a short run, where more normal mechanisms can work fine over any sort of medium -- copper, the PSTN, the internet, etc, and can operate without distance limitation. QC is fiendishly costly -- orders of magnitude more expensive than an AES based link encryption box. QC is extremely hard to test to assure there are no hardware or other failures -- given the key in use, I can use intercepted traffic to assure my AES link encryption box is working correctly, but I have no such mechanism for a QC box. On top of all of this, the real problems in computer security these days have nothing to do with stuff like how your link encryption box works and everything to do with stuff like buffer overflows, bad network architecture, etc. Given that what we're dealing with is a very limited technology that for a very high price will render you security that is at best not particularly better than what much more economical solutions will yield, why do people keep hyping this? Indeed, why do people buy these boxes, if indeed anyone is buying them? It is stunning that a lab curiosity continues to be mentioned over and over again, not to mention to see venture capitalists dump money after it. BTW, none of this has anything to do with "Quantum Computing", which may indeed yield breakthroughs someday in areas such as factoring but which is totally unrelated... Perry --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com --- end forwarded text -- ----------------- R. A. Hettinga <mailto: rah@ibuc.com> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'