Quantum computing – a new potential security threat to the encrypted laptop

probe

Steve Gibson talks briefly about this matter in response to a listener’s question in this week's edition, and promises to do a full show on quantum computing’s potential or otherwise to break encryption, in the not too distant future.

Yet another reason for organisations to prevent dataset downloads to employees’ laptops and force them to access the data they need online over a secure connection. Minimising the risk exposure.

Listen to netcast: http://www.podtrac.com/pts/redirect.mp3/aolradio.podcast.aol.com/sn/SN-144.mp3

Website: http://www.twit.tv/sn

.probe

Martyr

probe wrote:

...in the not too distant future.

hmm..yes, but for who?

would doubt the general public will be able to buy off the shelf quantum computers anytime soon.

the military and government agencies will have them first, and they might even try to limit access to the technology.

probe wrote:

Yet another reason for organisations to prevent dataset downloads to employees’ laptops and force them to access the data they need online over a secure connection. Minimising the risk exposure.

definitely the safest option.

Black Swan

Average Joe wrote: »

the military and government agencies will have them first, and they might even try to limit access to the technology.

No Such Agency probably already uses one?

Martyr

well i don't know for sure but then they probably wouldn't be funding any major research into if they had.(unless they wanted to keep it secret)
Peter Shor designed a factoring algorithm for quantum computer that would break most ECC/RSA implementations, but..maybe NSA has something better.

Cantab.

Average Joe wrote: »

hmm..yes, but for who?

would doubt the general public will be able to buy off the shelf quantum computers anytime soon.

the military and government agencies will have them first, and they might even try to limit access to the technology.



definitely the safest option.

Whatever about quantum decryption technology, I'd say you could get your hands on some of the weak laser quantum encryption technology. (the kind of stuff large multinats with quantum technology are trying to sell to big banks and governments).

How many people on here believe that quantum decryption already exists and has been deployed?

It's hard to quantify the risk, but the risk is there and should be mitigated against.

I for one believe quantum decryption exists -- so get recording as much scrambled data as you can! It may be useful in 5-10 years' time!

fergalr

Yet another reason for organisations to prevent dataset downloads to employees’ laptops and force them to access the data they need online over a secure connection. Minimising the risk exposure.

Presumably by secure connection, you mean one secured by some sort of crypto scheme? Is this really how you want your employees accessing their datasets in a world where existing encryption has been compromised?
Isn't the SSL or whatever is being used over the wire more likely to be compromised first than the (presumably stronger computationally?) disk encryptions they are using?

At least if they are accessing it from their laptop, someone has to go through the trouble of stealing their laptop. Maybe you'd be better with the dataset on the laptop :-)
I'm making a hell of a lot of assumptions here (like in any such discussion), but just throwing it out

No Such Agency probably already uses one?

How many people on here believe that quantum decryption already exists and has been deployed?
It's hard to quantify the risk, but the risk is there and should be mitigated against.

Yeah, maybe some secret agency has quantum computer decrypting stuff, and maybe they don't. It's like the speculation over whether someone has a better decryption algorithm than is generally known (ie, might be fun, but there's little new here - at this stage - in terms of threat mitigation).

From a security risk analysis point of view, surely if you've antagonized someone with those sort of resources to the extent they are willing to use them on you, shouldn't you be more worried about rubber hose cryptanalysis etc?

Radley

Quantum encryption is here already. I've seen it in use.

Toshiba have lasers that fire one photon per bit. If an unintended recipient tries to read the data, the photons are disturbed and the receiver knows straight away that someone else is listening.

Marvellous stuff.

fergalr

Quantum encryption is here already. I've seen it in use.

Toshiba have lasers that fire one photon per bit. If an unintended recipient tries to read the data, the photons are disturbed and the receiver knows straight away that someone else is listening.

Marvellous stuff.

Not pretending to understand any of this stuff, but I think most of the thread is about quantum decryption - so in other words, whether it's possible to use some sort of quantum computer to break existing ciphers as currently used and deployed in industry etc - and whether *it* is here already.

I'm really not informed on the subject, but last I heard, it was speculated you could build some sort of quantum computer to break ciphers that are currently unbreakable (with practical compute resources), - ie, 'quantum decryption' as it's referred to here, (perhaps 'quantum cryptanalysis' would be a better term); however, that was still speculation, as no-one had produced a prototype yet.