How a quantum computer could break 2048-bit RSA encryption in 8 hours | MIT Technology Review

Posted by $ AJAshinoff 5 months, 2 weeks ago to Technology

Yeah, crypto is safe? 2048 encryption is about 10x stronger than what's in use today. Brave new world? House of cards?
SOURCE URL: https://www.technologyreview.com/2019/05/30/65724/how-a-quantum-computer-could-break-2048-bit-rsa-encryption-in-8-hours/


  • Posted by $ rainman0720 5 months, 1 week ago
    I'm not an expert in code-breaking or in cyber security, but I wrote and maintained application code for almost 45 years before retiring.

    My understanding of an RSA token (at least as we used it) is that it requires at least two parts, one of which is constant, the other is not a constant. In my case, the RSA token concept we used for years was built like that. There was an 8-digit number that was a constant, sitting somewhere, representing half the key. The second half of the key was another 8-digit number that either was on a token or in an app and this number changed every 60 seconds.

    Which means that for the next 60 seconds, the key to get into my account might be 123456803857499. But in 61 seconds, the key to my account might be 1234567899482290. And if the internal timer was set differently, my keys might change every 30 seconds, or maybe every 15 seconds.

    I suppose a quantum computer might be able to do the calculations fast enough to break that 16-digit code within the 60 or 30 or 15 seconds. But if the fixed numerical code was expanded from 8 to say 12 digits, and the variable number was also expanded to 12 digits, then a bazillion more combinations are possible. And eventually, I'd be willing to bet that the two keys together would be long enough to beat even a quantum computer.

    Of course, I can render this entire idea moot with one simple (but often overlooked) security feature: Locking an account after a very small number of invalid login attempts. I don't care if a quantum computer can perform at the speed of light; if it tries three or five invalid keys, the account is locked, and that same quantum computer will NEVER get into that account.

    Man, I hadn't thought about any of this stuff in almost two years...
    • Posted by tutor-turtle 5 months, 1 week ago
      BINGO.
      Give the man a cigar!
      I had one of those little plastic gadgets to login to my (DoD) computer. And yes, after three failed attempts, I got locked out. I had to call my IT management to unlock my account.
      This irritated them to no end, so I made sure I waited till the number just flipped to the new key before attempting to log in.
      Just before I retired (3 years ago) they introduced some little USB dongle that read the chip in my badge when it got close enough. Not sure how all that worked. But I know they retired the RSA thingy.
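Added example, not part of either comment above or of the linked article: the login scheme rainman0720 and tutor-turtle describe (a fixed 8-digit half, an 8-digit half that rotates every 60 seconds, lockout after three failed attempts), sketched in Python. It assumes the open HOTP/TOTP construction (RFC 4226/6238) as a stand-in for the token's algorithm, which the thread does not describe; `rotating_code`, `Account` and `online_guess_bound` are hypothetical names, and the secret and fixed half are constructed values.

```python
import hashlib
import hmac
import struct

STEP = 60         # seconds each rotating code stays valid (from the comment)
DIGITS = 8        # length of the rotating half
MAX_FAILURES = 3  # failed attempts allowed before the account locks


def rotating_code(secret: bytes, now: int) -> str:
    """8-digit code for the time step containing `now` (RFC 4226 truncation)."""
    counter = struct.pack(">Q", now // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


class Account:
    def __init__(self, pin: str, secret: bytes):
        self.pin, self.secret = pin, secret
        self.failures = 0
        self.locked = False

    def login(self, passcode: str, now: int) -> bool:
        if self.locked:
            return False  # a locked account refuses even the correct passcode
        expected = self.pin + rotating_code(self.secret, now)
        if hmac.compare_digest(passcode.encode(), expected.encode()):
            self.failures = 0
            return True
        self.failures += 1
        self.locked = self.failures >= MAX_FAILURES
        return False


def online_guess_bound(attempts: int = MAX_FAILURES, digits: int = 2 * DIGITS) -> float:
    """Upper bound on guessing the passcode before lockout, whatever the guess rate."""
    return attempts / 10 ** digits


if __name__ == "__main__":
    secret = b"12345678901234567890"    # constructed secret (RFC 4226 test key)
    acct = Account("12345678", secret)  # constructed fixed half
    for guess in ("0" * 16, "1" * 16, "2" * 16):
        acct.login(guess, now=0)
    print("locked:", acct.locked, "bound:", online_guess_bound())
```

The bound depends only on the attempt limit and the passcode length, not on how fast the guesser computes; it models online guessing against a login, which is a different problem from the offline factoring of RSA keys that the linked article covers.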
  • Posted by $ Markus_Katabri 5 months, 1 week ago
    Just imagine how fast it will mine crypto.
    • Posted by $ 5 months, 1 week ago
      Sure, but there will always be an ever increasing backdoor as tech increases.

      When the necessities are outside of your ability to acquire, as with digital currency, you are no longer in control and are dependent on others with their own goals.
      • Posted by $ CBJ 5 months, 1 week ago
        Bitcoin does not have a backdoor, and is not controlled by any government.
        • Posted by $ 5 months, 1 week ago
          Anything online has a backdoor. ANYTHING. Your account may be secure now, but even if quantum computers (herculean processing) have no impact on breaching security there is still the long chain of essentially anonymous servers, routers and switches between you and your host, or its mirror servers, for you to access your wealth if someone decides to limit or prevent you from doing so for whatever reason they desire.

          Processing muscle to breach security aside, the infrastructure will force compliance.
          • Posted by $ CBJ 5 months, 1 week ago
            If the "infrastructure" could force compliance, it would have done so long ago, and governments worldwide would not be worried at all about crypto.
            • Posted by $ 5 months, 1 week ago
              My friend, and I mean this with no degree of disrespect, you are in denial.
              The timing isn’t right to enact that degree of control because there are still too many using cash, but it’s getting closer each day.

              My statement on infrastructure is not speculation, I’ve worked closely with this stuff half my life. And it has been used to shut sites down and people out.

              In an elevated command prompt session pick a website that you know is far from you and type tracert and its name. This will show the hops (relays) between you and your destination. Outside of hop one, you own none of it.
              • Posted by $ CBJ 5 months, 1 week ago
                I don't own the physical infrastructure that I deal with in my everyday life either, and in fact most of that infrastructure is controlled by government. That does not in any way prove your assertion that “the timing isn’t right to enact that degree of control because there are still too many using cash, but it’s getting closer each day.” Or any of your earlier assertions either. Some of your assertions have been shown to be incorrect, such as your claim that “QC’s are already cracking 2048 encryption.” The others have more straightforward explanations than that of an undefined but ultra-powerful group of “elites” working tirelessly behind the scenes to undermine our way of life.
                • Posted by $ 5 months, 1 week ago
                  "Most" infrastructure is owned by businesses, that has been the decentralized nature of the web forever, but that too is slowly changing.

                  I see trends. I am good at this. Does that make me 100% on target? No. But it does allow confidence enough to voice what I see happening.

                  Do recall in Canada they literally cut off protestors, truckers, from their money in order to stop their boycott. Not bitcoin, you say? Sure, but it's digital and the distinction on a fundamental level is only slightly different.

                  Do recall that Amazon shut down a man's smart house features without consulting him over a supposed racist statement.

                  You are welcome to think I'm a tin hat crazy conspiracy theorist. But restricting access using the web is as real as it gets as is the push to put everything online. Why?
                  • Posted by $ CBJ 5 months, 1 week ago
                    I can give you hundreds of examples of governments worldwide, during any time in history, illegally targeting their political enemies. This includes our own government. For the most part such actions predate the Internet and involve whatever technology was available at the time.

                    The push to “put everything online” enables individuals, not just governments. Burner phones. Anonymous internet connections. Video recording and dissemination of police misconduct. Bitcoin. Widespread exposure of political corruption (Wikileaks, Snowden, a certain laptop). Technology has caused people to be much more distrustful of government than was the case 50 or 100 years ago. That’s a good thing.
                    • Posted by $ 5 months, 1 week ago
                      You are far more optimistic than I am. The distribution of tech is a two-edged sword. Sure, it makes info available to more people and gives folks opportunity to contribute. Still, it holds to account everything you say, it allows others to not-so-openly scrutinize and pass judgement on your words/statements/site visits and interactions. That same "oversight", governments or otherwise, gleans info on who and where you are and what you do. Social reputation, the measure by which someone else determines what you are worth to society and what you are entitled to in society. Couple that with non-cash society...

                      The UN is pushing for operational control and oversight of US web infrastructure again. US politicians are calling for censoring what they deem is false information. "People" can distrust all they want as they use tools not their own to be added to lists of dissidents that can be shutdown and hunted.

                      I know I'm cynical about this subject. I've seen too much of its incrementalism for too long. It's not hard to see the writing on the wall. I hope you are right and I am wrong, but I honestly do not think so. Fortunately, I won't be here too much longer to experience it in its fruition, but it is coming.
  • Posted by $ CBJ 5 months, 1 week ago
    Further in, the article says, "Indeed, security experts have developed post-quantum codes that even a quantum computer will not be able to crack. So it is already possible to safeguard data today against future attack by quantum computers." So it looks like defense is outrunning offense in the cybersecurity realm.
    • Posted by $ 5 months, 1 week ago
      Everything evolves. Defense is always outrunning offense, until it's not (that's why it's called hacking). I combat this nonsense every day and have for near 30 years. For every one person like me there are dozens, if not hundreds or thousands, of people worldwide trying to get into our stuff. Sure, I use and configure good tools to prevent this but it's only a matter of time, unless I keep adjusting and adapting, and that's no guarantee.

      There will never be complete security online unless it's entirely regulated. Once regulated those doing the regulating will be the most odorous anonymous overlord bastards the entire world has never seen.
      • Posted by $ CBJ 5 months, 1 week ago
        There will never be complete security online period. I never said there would be. The universe doesn't come with guarantees, and never did. We don't need complete security from hackers, we only need the opportunity to continue refining our defensive tools as we continue to promote our values.
  • Posted by $ DriveTrain 5 months, 1 week ago
    This has to be pure speculation, but speculation based on what we know to be fact: quantum computers are here, I'm thinking with Jack Secret government agencies already using them, and that it will be a big chunk of time before they're made available to everybody. Once that happens we'll all be having to plunk down cash to replace everything based on current technology (which will be rendered as dinosaur-ancient.) And of course that orders-of-magnitude increase in processing speed will open The Mother Of All Cans Of Worms on security, on OS-es built for quantum computers, on government backdoors written into OS code (by "or else" force, presumably,) and on quantum computer security going head-to-head with quantum hacking. IOW, all of the same crap we're having to deal with now, only at much faster processing speeds.

    And of course all of the evil scum who latch onto any new technology to do evil things to other people will utilize this orders-of-magnitude leap in processing capacity to enhance all of the evils they're currently doing: surveillance, control, obliteration of human rights, de facto enslavement. A couple of years back I saw some link on Facebrag to an article by some "respected" tech commentator, which talked - approvingly - about a future in which an AI-type technology would become the substance of a global government, with all decisions pertaining thereto handled by that digital entity, not by people. It would take a whole lot of "archaeology" on my pack-rat collection of storage media - or worse, scrolling through reams of past Facebook posts - to find it. But what was obvious from that guy's gleeful appraisal was that he thought a collectivist dictatorship under the iron fist of a machine would somehow be different from a collectivist dictatorship under the iron fist of a flesh-and-blood creep, and just peachy-wonderful for the fact of being: whizbang technology.

    So as with every new technology, there will be rotten people who will use it for rotten ends; the tech itself only gains a moral dimension via the choices of those who use it, and it is the job of philosophy and of education to establish whatever safeguards can be gotten, to protect human rights against violation via those new technologies.
  • Posted by kddr22 5 months, 2 weeks ago
    Not an expert on quantum computers, but after taking a great courses on it the security features to both protect and decipher are extraordinary.
    • Posted by $ 5 months, 2 weeks ago
      What gets me is that all this is coming to a head as-if by magic? Crypto, AI, and Super/quantum computing are all at their infancy. Surprise? Coincidence? If QC’s are already cracking 2048 encryption what will they be capable of in 6 months? A year? Especially with the massive push to run into a digital age.
      • Posted by $ CBJ 5 months, 1 week ago
        QC’s are not already cracking 2048 encryption. According to the article, "a quantum computer could do the calculation with just 20 million qubits." The largest quantum computer today has 1,180 qubits. Only 19,998,820 to go!

        Not to mention that the article says, "security experts have developed post-quantum codes that even a quantum computer will not be able to crack."
        • Posted by $ 5 months, 1 week ago
          All the energy focuses on this and AI and it's only a matter of time. Do you really think quantum computers will be the end of progression? Those "developing" are being altruistic or is there another purpose?
          • Posted by $ CBJ 5 months, 1 week ago
            Wow, you just pivoted from a nonexistent current threat ("QC’s are already cracking 2048 encryption") to an undefined future threat (quantum computers will not be the end of progression and AI developers are not altruistic). Is this all the "evidence" for our impending doom that you can provide?