IBM Warns of Instant Breaking of Encryption by Quantum Computers

Sycraft

Supreme [H]ardness
Joined
Nov 9, 2006
Messages
4,642
That was my first thought as well. The head of IBM Research saying something as stupid and fantastic as "quantum computing will break it." Does this guy just drink, snort cocaine, and drive a car with doors that "do this?"

Commercially available quantum computing may only be a few years out, but the amount of architecture design required to feed and interpret the needs of a a quantum platform are _still_ in the theory phases. We need a new type of memory/FPGA hybrid before we can even start thinking of programming for such a device.
Not just that, there is the not so minor issue of speed. Notice there was the "if they are as fast as traditional computers" qualifier. How fast will we be able to make quantum computers? Who knows at this point? It is possible that they'll end up being something we can realize, program, and use, but despite the advantages they have at solving certain kinds of problems they are dog slow compared to traditional machines.

There is just so much we don't know right now. It would be like trying to predict where computers would be today back in in 1941 when they built the first opamp. We really don't know where quantum computing will go or how long it'll take to get there.
 

serpretetsky

[H]ard|Gawd
Joined
Dec 24, 2008
Messages
1,749
This is old news.
Grover's algorithm should be able to find any given users password in about 12 days if the machine running at today's classical computer speeds.
Here is one article on the subject
https://softwareengineering.stackex...m-computers-be-able-to-easily-crack-passwords
I've heard Grover's algorithm is easily protected against for symmetric encryption by simply doubling the the key size (for example, using AES256 instead of AES128). 7zip, for example, already uses AES256. I'm not sure how this affects password length though? Do password lengths need to double or is this unncessary?
 

M76

[H]F Junkie
Joined
Jun 12, 2012
Messages
10,671
I remember reading about the potential impact of quantum computers on encryption twenty years ago. Seems a little odd to be surprised about it now.

On the other hand, yet there are still millions upon millions of people who drive around using GPS, but think that Special Relativity is "only a theory" (whatever that means). Just goes to show how many people aren't able to connect the dots...
I haven't seen people denying relativity, is that a new fad?
 

Archaea

[H]F Junkie
Joined
Oct 19, 2004
Messages
10,042
Password retry and lockout interval timeouts only help if you don’t have the password hash or haven’t compromised the system trough some other means. For a static file encryption this is irrelevant.

Encrypting with quantum computers is a fine idea, but not with current encryption algorithms. New, more mathematically complex algorithms will have to be developed. More salts, more rounds, more bit length. Advancements in this space are pretty slow these days. Look when the typically used encryption ciphers came out. 10-15 years ago for many of the most standard.

As to the poster who said he had a couple encrypted files from years ago he forgot the password to, and would like them broken, you can probably do that now, and for not much money. Passware Pro with a 980ti at work will crack AES 128 passwords at a rate of about 50,000 passwords per second. We’ve cracked several 8 character user passwords or less in just 2-3 days. AES256 is much slower cracking. I’d say a 9 character AES 256 password is relatively safe even against a determined intruder with some nice GPU hardware the next few hardware generations. To protect against GPU farms in the next years an 11 char passers with AES 256 should suffice IMO. The key space basically increases exponentially with password length.
 

Jagger100

Supreme [H]ardness
Joined
Oct 31, 2004
Messages
7,592
In theory it's instant in practice it's just faster. A lot faster. Part of the solution is Longer keys and repeated encryptions. Basically keys so big you will never be able to manually enter them in your lifetime.
 
Last edited:

Jagger100

Supreme [H]ardness
Joined
Oct 31, 2004
Messages
7,592
Two words since people aren't thinking this already. Quantum encryption. I mean technology on both sides won't stand still.
 

GDI Lord

Limp Gawd
Joined
Jan 14, 2017
Messages
199
On the other hand, yet there are still millions upon millions of people who drive around using GPS, but think that Special Relativity is "only a theory" (whatever that means).
Sorry wait what? Which conspiracy theory does that belong to?
 

velusip

[H]ard|Gawd
Joined
Jan 24, 2005
Messages
1,577
Not just that, there is the not so minor issue of speed. Notice there was the "if they are as fast as traditional computers" qualifier. How fast will we be able to make quantum computers? Who knows at this point? It is possible that they'll end up being something we can realize, program, and use, but despite the advantages they have at solving certain kinds of problems they are dog slow compared to traditional machines.

There is just so much we don't know right now. It would be like trying to predict where computers would be today back in in 1941 when they built the first opamp. We really don't know where quantum computing will go or how long it'll take to get there.
There are too few applications for quantum computing, and thus the "field programmable DSP" required for a usable discrete-space interface is completely unheard of. I believe it _will_ be developed, and that it will reduce some relevant algorithms to O(n) complity, however relevant encryption methods are already technically obsolete and replacements are ready and waiting when we need them. Since RSA, EC, and DH are extremely fast and strong as is, we will just keep using them until we can't. When things finally go quantum, switch to a handshake method which begins as normal with a very large public key, then immediately generates a unique symmetric pair for the session. (This isn't really practical at the moment since it would cause your computer to peg for a few seconds every time it tried to communicate over a properly secured channel.) In the end, the risk does not come from a quantum attack at all, but remains right where it has always been -- lazy sysadmins not maintaining their stuff and using old shit, and from complacent/malicious "trusted" chip developers leaving massive holes or backdoors in the hardware.
 
Top