Slashdot: News for Nerds

Hackers Eavesdrop On Quantum Crypto With Lasers

timothy posted more than 3 years ago | from the wool-over-your-own-eyes dept.

Encryption 161

Martin Hellman writes "According to an article in Nature magazine, quantum hackers have performed the first 'invisible' attack on two commercial quantum cryptographic systems. By using lasers on the systems — which use quantum states of light to encrypt information for transmission — 'they have fully cracked their encryption keys, yet left no trace of the hack.'"

161 comments

pwned (-1, Redundant)

Anonymous Coward | more than 3 years ago | (#33413160)

srsly, this is a huge kick in the balls for quantum crypto.

Re:pwned (5, Informative)

neumayr (819083) | more than 3 years ago | (#33413178)

Not really. From the article:

"We have exploited a purely technological loophole that turns a quantum cryptographic system into a classical system, without anyone noticing," says Makarov.

Re:pwned (0)

elFisico (877213) | more than 3 years ago | (#33413202)

Mod parent up!!

And add this citation to the article text!!! *eyeroll*

Re:pwned (1)

sortius_nod (1080919) | more than 3 years ago | (#33413420)

Unfortunately without that caveat the article isn't as scary.

Come on editors, do a better job, don't just put the article through, read it yourself.

Re:pwned (5, Insightful)

PseudonymousBraveguy (1857734) | more than 3 years ago | (#33413218)

No, it IS a huge problem. If you turn a quantum computing system into a classical system, you basically revert it to sending the key in plaintext. While it does not break the theory of quantum encryption, breaking all (commonly) available implementations of quantum crypto should be enough to be qualified as "huge kick in the balls".

a kick in the balls (5, Insightful)

davidwr (791652) | more than 3 years ago | (#33413400)

A kick in the balls (breaking all current implementations) is not the same as cutting them out and mounting them in a trophy case (proving there can be no secure implementation).

Either one hurts though.

Re:pwned (0)

Anonymous Coward | more than 3 years ago | (#33413380)

Since one of the goals of a quantum cryptographic system is to prevent just that then this is a major failure in the design.

Re:pwned (4, Interesting)

WED Fan (911325) | more than 3 years ago | (#33414314)

Why the GP was modded troll is beyond me. This is a "huge kick in the balls". Isn't the point of QC to make it easy to detect if someone has even listened in, let alone broken anything? I'd have to say that what it means is the current implementation of QC is an epic fail. Back to the old drawing board.

Re:pwned (1)

Z00L00K (682162) | more than 3 years ago | (#33413484)

Which also means that it may end up being more predictable and sensitive to attack.

As soon as a crypto is predictable the road left to crack a given message is shorter. Not that it's easy, it will still require some computing power.

Re:pwned (2, Interesting)

yahwotqa (817672) | more than 3 years ago | (#33413182)

From TFA:

Quantum cryptography is often touted as being perfectly secure. It is based on the principle that you cannot make measurements of a quantum system without disturbing it.

So, I guess the encryption system used here isn't really "quantum", since above doesn't apply, is it?

Re:pwned (5, Informative)

Unipuma (532655) | more than 3 years ago | (#33413196)

If you read the article, you'll notice that the 'hack' is a classic man in the middle attack, and the receiving end can receive both classic and quantum messages. The man in the middle (after reading the quantum message) passes it on as a classic message, and the receiving device does not give a warning that the message received is a classic message, instead of a quantum message.

So it's really a design error on the device side, not a true hack in that quantum states were undisturbed regardless of reading them.

Re:pwned (1)

PseudonymousBraveguy (1857734) | more than 3 years ago | (#33413282)

So it's really a design error on the device side, not a true hack in that quantum states were undisturbed regardless of reading them.

As long as the attacker only wants to get the key, he does not care if this is a "true" hack (which would require a substantial change in our understanding of quantum physics) or a "cheating" hack that only breaks the implementation. The major selling point of quantum crypto is the "100% security". If it's only "100% minus any bugs in the implementation" (which it obviously is), I could as well use a classical key exchange mechanism.

Re:pwned (1)

foobsr (693224) | more than 3 years ago | (#33413368)

"100% security" ... "100% minus any bugs in the implementation"

I truly wonder if there is anything like "100% security". Probably if there is no 'security' at all (if it is not needed? impossible to observe?).

CC.

Re:pwned (5, Interesting)

maxwell demon (590494) | more than 3 years ago | (#33413850)

Well, there are several points here:

  • Every cryptographic security is only up to possible bugs in the implementation (remember the Debian ssh problem?), so exactly 100% security is impossible. However, one difference between the classical and quantum case is that in the quantum case any possible exploit has to be "online" (i.e. you have to actually intercept the actual sent message and manage to manipulate the receiving system), while for classical key exchange the breaking can also be after the fact (i.e. if all you want is the exchanged information, you can passively record all data and then try to break it afterwards). This means that
    1. all communications performed before that exploit was found remain secure (unlike classical protocols where you only need the recorded data to apply any exploit), and
    2. since the attacker has to manipulate the systems during operation, as soon as the exploit is known you can take additional measures in order to detect it (e.g. in this case, I think it should be quite easy to detect a relatively strong laser which is continuously shining at the receiving device), thus detecting whether someone tries to exploit it (unlike classical systems, where you have no clue if someone tries to attack your cryptographic system). That is, instead of replacing your whole cryptographic infrastructure (which may be expensive), you can simply add detectors for the manipulation needed for the exploit, so that you only transmit confidential information in case the exploit isn't applied.
  • As the article mentions, the commercial systems add the quantum cryptography on top of the classical cryptography. So if the quantum cryptography is broken, you still have the security of the classical system. On the other hand, if the classical system used is broken (be it because the underlying cryptographic scheme is broken, or be it by exploiting a bug in the specific implementation) then you still have the security of the quantum cryptography.

Re:pwned (0)

Anonymous Coward | more than 3 years ago | (#33413372)

I thought the point of quantum encryption was that it could not be attacked by a man in the middle without revealing that an attack took place. Seems like it was compromised in an unexpected way.

Re:pwned (1)

maxwell demon (590494) | more than 3 years ago | (#33413920)

Actually, it should be quite easy to reveal that someone continuously shines a laser on your system. It's just that no one up to now thought about that possible attack vector, therefore no one tested for it. I'm pretty sure that future versions of the cryptographic device will detect that attack.

Besides detecting the laser directly, maybe a strategy to prevent this type of attack would be to generate additional quantum signals for Bob's detector inside Bob's device and testing that the detector correctly detects them (this would not only detect this specific attack, but any attack which turns Bob's detector into a classical one).

Re:pwned (1)

radtea (464814) | more than 3 years ago | (#33414374)

So it's really a design error on the device side, not a true hack in that quantum states were undisturbed regardless of reading them.

Thanks for pointing that out! It makes the system so much more secure, knowing that...

This is a "true hack" in the same way that the cost of sending a mission to Mars is a "real problem": scientists and engineers often want to simplify the world by restricting the domain of "real problems" to ones they know how to solve. But reality doesn't care about human domain boundaries.

In this case, they have hacked the system, which has the effect of being able to read the communications that pass through it. No crypto system is more secure than the least secure channel, and they have demonstrated that even though part of the system is 100% secure the rest is pretty easily hackable. This will always be the case with quantum crypto so long as it has to interface with the classical world at some point.

Re:pwned (1)

vlad30 (44644) | more than 3 years ago | (#33413208)

The bigger they are, the harder they fall; or in encryption, the more complicated, the easier to crack.

Well, there's always the "Gitmo" attack (1)

davidwr (791652) | more than 3 years ago | (#33413416)

the more complicated the easier to crack

You know, the one that involves "encouraging" someone to give up the keys or to hell with the keys, just "extract" the original message.

Too bad for those using the Gitmo attack that torture isn't a reliable way to extract information.

Re:Well, there's always the "Gitmo" attack (1)

stonewallred (1465497) | more than 3 years ago | (#33413540)

So you say. In reality, torture does work wonders, and provides really solid information. Problem is that true torture is not quick, easy or cheap. It requires a great deal of time, energy and information. Everyone has some breaking point and finding that point using the right key is paramount. While some folks might resist physical pain for long periods of time, the same person may break within minutes if subjected to sensory deprivation or spiders or being in very tight confinement. Threat of death might not faze a person, but the threat of their loved ones' deaths or their pet's death might break them immediately. So the time it takes, probing for the weakness and figuring out the right pressure is what makes torture ineffective, especially in time sensitive matters, not the "inability" to extract the information.

Re:Well, there's always the "Gitmo" attack (2, Informative)

tibit (1762298) | more than 3 years ago | (#33413858)

You would be right if you weren't so wrong :(

The problem with torture is that it has a way of making up information where there is none. If you're convinced your guy has the information, but he doesn't, then torture is an element of a random story generator. And there's pretty much no way of telling the quality of information that you receive.

Case in point: I think that a big problem with some Gitmo inmates is that they were set up by bounty hunters, and they are simply wrong people in a wrong place at the wrong time. Torture is useless here, because they know nothing in the first place, and the "solid information" they provide is solidly random, if that.

Also, trained to lie to torturers (1)

davidwr (791652) | more than 3 years ago | (#33414260)

There are two other problems besides people with no information:

- People who have been trained to resist torture long enough for their information to become useless.
- People who have been trained to feed misinformation after "sufficient" torture so they sound credible.

Offtopic for laughs:

then torture is an element of a random story generator.

So THAT'S how come the slush pile is so big!

Re:Well, there's always the "Gitmo" attack (1)

TheCarp (96830) | more than 3 years ago | (#33414342)

You have evidence of that? I am not actually aware of any incidents where this was shown to be the case... and many incidents where information was given up without torture.

Generally speaking, torture is used to produce confessions and convictions no matter what, not to produce truth. That's how it's been used for a long time now, it's what the techniques were developed to produce.

So far the only "evidence" to the contrary has been Dick Cheney's vague "trust us this works" statement that he conveniently couldn't elaborate on.

-Steve

Re:Well, there's always the "Gitmo" attack (1)

maxwell demon (590494) | more than 3 years ago | (#33414118)

Too bad for those using the Gitmo attack that torture isn't a reliable way to extract information.

While it's not reliable in general, it is reliable in cases where you can easily check whether the information given to you is correct. Which is the case for cryptographic keys, but not for the original message. Unless, of course, he doesn't have the key himself (I couldn't give you the key used for the latest https session with my bank, even if I wanted to; torture certainly wouldn't help either).

Re:Well, there's always the "Gitmo" attack (1)

radtea (464814) | more than 3 years ago | (#33414482)

While it's not reliable in general, it is reliable in cases where you can easily check whether the information given to you is correct.

You realize you've just defined extracting information under torture as an NP-Complete problem... and then implied that this was the "easy" case.

Re:pwned (1)

Muad'Dave (255648) | more than 3 years ago | (#33413658)

Scotty: "The more complicated the plumbing, the easier it is to stop up the drain."

Lessons (0, Troll)

QuantumG (50515) | more than 3 years ago | (#33413174)

Gee, this technology is really underwhelming isn't it? It's almost like theoretical claims rarely match up with reality and creating something that delivers security takes years of dedicated effort in an open environment.

Re:Lessons (5, Informative)

neumayr (819083) | more than 3 years ago | (#33413192)

The underlying principle still is valid, those people exploited a technical loophole - in a process that's part of

[..] years of dedicated effort in an open environment.

Re:Lessons (1)

buchner.johannes (1139593) | more than 3 years ago | (#33413436)

And that's why quantum based voting fails. No citizen can verify that they don't just use classic computers.

Re:Lessons (1)

Artifakt (700173) | more than 3 years ago | (#33413536)

Should it be called just a loophole?
Actually getting a physical object to behave like quantum entanglement is present is a challenging task, much like getting an object to reliably store data in a form that doesn't degrade with repeated access in the first place. There are only a few ways to store data in forms that can take 100,000+ access cycles, give the data back quickly enough to be useful to other parts of the system, or have low enough rates of corruption to be genuinely useful to the user. When you factor in costs, the choices get more limited - after 50+ years of development, it's still general practice to compromise and use slow methods of storage for much of the storage needed. With data storage, nature seems to be insisting - fast, cheap, reliable - pick any two of three (at best).
Even if the underlying principle (as you put it) says there must exist some methods that aren't vulnerable to this sort of attack, turning those methods into engineering processes may entail other problems so great that no one would want to develop those lines of research unless they were forced out of other, originally more attractive options. This may well be a problem that comes back in one form or another for decades.

Re:Lessons (0)

Anonymous Coward | more than 3 years ago | (#33413662)

"pick any two of three" - such statements are always trivially true in the sense that we face trade-offs and can spend money only once.
But ten years ago people would have called the stuff we've got now both cheap, reliable and fast. Something worth reflecting on.

Re:Lessons (2, Insightful)

Interoperable (1651953) | more than 3 years ago | (#33414120)

It's a pretty damn big loophole. They used a 1 mW beam which is about as powerful as a laser pointer. That's many orders of magnitude larger than a single-photon level signal and should be very easy to detect. Not noticing a milliwatt of light hitting the detector in a quantum scheme is something like leaving a key written in plain text on a sticky note on your monitor and being shocked when your key is "hacked."

Re:Lessons (0)

Anonymous Coward | more than 3 years ago | (#33413212)

They said that to read the Quantum bit, you would have to change its state and that would be detectable.
Well, if it's been broken, and that is not the case, then all wet dreams of safe key exchange dissipate, and good old copper or optical fiber is just as good.

And if quantum states are not infinite, then instant deciphering also goes out the window, although parallel decoding is still very attractive for n-round ciphers.

Hats off to the clever dudes who did this work.

Commercial Systems (2, Interesting)

iYk6 (1425255) | more than 3 years ago | (#33413276)

I was surprised to discover that there were commercial systems of quantum cryptography. Quantum cryptography is academic at this point. It is not as strong as old fashioned cryptography (like AES) and is much more expensive. Then I realized that there is no reason that someone can't use both. It would be pretty ridiculous if someone were using quantum cryptography as their only security, and not encrypting the data first with old fashioned cryptography.

Re:Commercial Systems (4, Interesting)

PseudonymousBraveguy (1857734) | more than 3 years ago | (#33413304)

Quantum cryptography is academic at this point. It is not as strong as old fashioned cryptography (like AES) and is much more expensive. Then I realized that there is no reason that someone can't use both.

Quantum crypto (at this point) is a key exchange mechanism. Thus, it doesn't compare to AES at all. You HAVE to use quantum crypto together with a classical encryption algorithm. However, if you use quantum crypto you care about 100% theoretical security. Else you would simply use DH or any other well-known classical key exchange. And if you care about 100% theoretical security, there is no alternative to OTP.

Re:Commercial Systems (2, Insightful)

KiloByte (825081) | more than 3 years ago | (#33413346)

Except that to be able to use quantum crypto at all, you need to provide a physical way to pass the quantum state. And with that requirement, why won't you just pass the key the good old fashioned way? Strictly more secure, and much cheaper.

Re:Commercial Systems (3, Interesting)

julesh (229690) | more than 3 years ago | (#33413418)

Except that to be able to use quantum crypto at all, you need to provide a physical way to pass the quantum state. And with that requirement, why won't you just pass the key the good old fashioned way? Strictly more secure, and much cheaper.

More secure? Hardly. All you have to do is eavesdrop on the key exchange and you have the key. In a real world scenario, typically this means bribing a few security guards, breaking into one of the communicators' homes or offices and retrieving the key from their computer, or intercepting a message sent over a physical line, probably encrypted via a non-100%-reliable cryptographic system, with the (at least) theoretical possibility that the encryption on the key exchange can be broken.

In a properly implemented quantum crypto system, this is theoretically impossible: the key passes directly from one endpoint to the other, and any interference between the two is easily detectable. It isn't stored for longer than the message takes to be sent, so breaking in to retrieve it is impractical. Done properly, the quantum crypto system is as secure as it is possible to be. As it happens, the system here was not done properly; it failed to detect interference on the line (and as ability to detect interference is, essentially, the point of quantum crypto, this is bad news).

Re:Commercial Systems (1)

KiloByte (825081) | more than 3 years ago | (#33413542)

If your endpoint has been compromised, there isn't anything you can do.

Re:Commercial Systems (2, Interesting)

Anonymous Coward | more than 3 years ago | (#33414142)

In a real world scenario, typically this means bribing a few security guards, breaking into one of the communicators' homes or offices and retrieving the key from their computer, or intercepting a message sent over a physical line

Using the old fashioned way, you divide the key into 5 or 6 pieces before it leaves the cryptosystem, you distribute responsibility of the pieces. The pieces are stored on devices, and given to guards.

The guards have physical possession of the devices, but not the PIN number for that piece.

None of the pieces assist in reassembling the key without all other pieces present.

Key pieces are not brought back together until brought to the destination system's crypto module.

Nothing other than dedicated crypto modules ever have access to the key for securing your initial key exchange, and these get kept locked up.

Security guards protect physical access to the communication endpoints, but do not possess the credentials to activate them; plus multiple combinations and keys are required to even open the safe with any hardware required for securing further key exchanges.

You can perform key rollovers whether you use quantum or traditional crypto. You transmit the new public key digitally signed with the old private key, over a message encrypted with the current session key.

Then you transmit the new symmetric key, encrypted with the peer's new public key, in a message encrypted with the current symmetric key.

If your adversary can compromise crypto equipment under high security, quantum crypto won't protect you.

The benefits of quantum crypto are mostly theoretical.

However, obviously someone believes the technology is more proven than it is, as they're trying to base commercial systems on the promise.

If they are relying on quantum key exchange as their only security of the key exchange, at this point, they are foolish.
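
Added example, not the commenter's code: one way to get key pieces with the property described above ("none of the pieces assist in reassembling the key without all other pieces present") is n-of-n XOR splitting, which is an assumption here since the comment names no scheme. `split_key`, `join_key` and `missing_share_for` are hypothetical helper names.

```python
import secrets
from functools import reduce


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR of two equal-length strings."""
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return bytes(x ^ y for x, y in zip(a, b))


def split_key(key: bytes, n: int) -> list:
    """Split key into n shares; all n are required to rebuild it."""
    if n < 2:
        raise ValueError("need at least two shares")
    # n-1 shares are pure randomness from the OS CSPRNG ...
    shares = [secrets.token_bytes(len(key)) for _ in range(n - 1)]
    # ... and the last one is the key XORed with all of them.
    shares.append(reduce(xor_bytes, shares, key))
    return shares


def join_key(shares: list) -> bytes:
    """XOR every share together; only the full set yields the key."""
    if not shares:
        raise ValueError("no shares given")
    return reduce(xor_bytes, shares)


def missing_share_for(candidate_key: bytes, known_shares: list) -> bytes:
    """Return the share that would make known_shares rebuild candidate_key.

    Such a share exists for every candidate, which is why a holder of
    n-1 shares learns nothing: every key of that length stays possible.
    """
    return reduce(xor_bytes, known_shares, candidate_key)


if __name__ == "__main__":
    key = secrets.token_bytes(32)      # constructed sample key
    shares = split_key(key, 5)         # five custodians, as in the comment
    print("full set rebuilds key:", join_key(shares) == key)
    decoy = bytes(32)                  # any other 32-byte value
    forged = missing_share_for(decoy, shares[:4])
    print("four shares fit a decoy key too:",
          join_key(shares[:4] + [forged]) == decoy)
```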

Re:Commercial Systems (1)

Rakshasa Taisab (244699) | more than 3 years ago | (#33413428)

Quantum crypto is about passing a key and being sure it wasn't read by a third party (or borking if it has been). Old fashion plaintext passing of that key does not have that particular property which makes it _NOT_ more secure even if it is cheaper.

That the system would have an error mode where it just starts ignoring the overloaded quantum state sensor seems like braindead design to me...

Re:Commercial Systems (1)

DMiax (915735) | more than 3 years ago | (#33413530)

And with that requirement, why won't you just pass the key the good old fashioned way? Strictly more secure, and much cheaper.

Because it is not strictly more secure? Any hack that works on quantum crypto will also work on classical cryptography. All they showed here is that it is hard to get a system working properly with all safeguards (or, simply, that commercially available implementations are not that good).

Re:Commercial Systems (1)

Sycraft-fu (314770) | more than 3 years ago | (#33413406)

Well I'd hazard a guess that most people who are buying in to this don't know what the fuck they are doing. They are the types that believe the NSA has secret evil cracking machines that can break all current crypto (and that the NSA gives a shit about what they are doing). They also hear stories about amazin' new unbreakable quantum crypto. They see it on the market and say "We need to have that!"

For that matter, I don't know if these products are actual quantum crypto. Just because they call it that doesn't mean it is.

Re:Commercial Systems (1)

IndustrialComplex (975015) | more than 3 years ago | (#33414250)

(and that the NSA gives a shit about what they are doing)

Well for one, it isn't generally the NSA that 'gives a shit', it's other agencies.

Two: If you make it a point to collect and store everything, even if it isn't of immediate interest to you NOW, it might be LATER.

It seems that you could detect this (2, Interesting)

MichaelSmith (789609) | more than 3 years ago | (#33413186)

Eve gets round this constraint by 'blinding' Bob's detector — shining a continuous, 1-milliwatt laser at it.

So Bob could just detect the blinding signal and stop transmitting.

Re:It seems that you could detect this (1)

Haedrian (1676506) | more than 3 years ago | (#33413194)

I'm sure it's not as simple as that. Then again I didn't understand half the technical stuff of this article.

Re:It seems that you could detect this (5, Insightful)

PseudonymousBraveguy (1857734) | more than 3 years ago | (#33413260)

Yes, and if I understand the article correctly, the manufacturers developed a patch to fix the hole.

However, the hack shows (once again), that a system may be secure in theory, but actual implementations of that system may, and will, have bugs that render them insecure. This negates one of the most strong arguments for quantum crypto, i.e. the "proveable" security. If that argument does not hold, you could as well use any common "classical" key exchange algorithm, which also delivers "good, but not 100%" practical security, does not need fixed point-to-point fiber and expensive equipment, and is probably much better tested than the quantum systems.

Re:It seems that you could detect this (1)

Threni (635302) | more than 3 years ago | (#33413308)

Exactly - existing systems are 'good enough for now', and it's the protocols (swapping keys, trusting people etc) which are hard. You can invent hard and harder systems but without extra work on the protocols/implementations they add nothing of value.

Re:It seems that you could detect this (1)

beelsebob (529313) | more than 3 years ago | (#33413588)

This negates one of the most strong arguments for quantum crypto, i.e. the "proveable" security

No it doesn't – it just makes the software more expensive to write. It's entirely possible to write software that has key properties proved to be correct and bug free, it's just hard, time consuming, and done by people who get paid a very large amount of money.

Re:It seems that you could detect this (3, Insightful)

PseudonymousBraveguy (1857734) | more than 3 years ago | (#33413958)

No it doesn't – it just makes the software more expensive to write. It's entirely possible to write software that has key properties proved to be correct and bug free,

It's not only the software. There's a lot of hardware involved, most of which could have bugs of some kind (e.g. for this hack you'd have to prove that your sensor can reliably detect that it's still in "quantum mode"). And after you have proven a lot of properties of all your hard- and software, you'll have to prove that all those properties are actually sufficient for achieving perfect security.

Re:It seems that you could detect this (1)

ByteSlicer (735276) | more than 3 years ago | (#33413266)

So Bob could just detect the blinding signal and stop transmitting.

Alice is the transmitter, Bob is the receiver (from A to B, see?).

Re:It seems that you could detect this (1)

MichaelSmith (789609) | more than 3 years ago | (#33413362)

So Bob could just detect the blinding signal and stop transmitting.

Alice is the transmitter, Bob is the receiver (from A to B, see?).

Yes I can see my mistake, though once Bob knows the link is compromised he can ignore the contents, so the hacker can't predict his behaviour. Also Bob could use a different channel to notify Alice of the problem.

Re:It seems that you could detect this (1)

ByteSlicer (735276) | more than 3 years ago | (#33414102)

And what if the hacker doesn't send any signal to Bob, so the line is quiet? Bob would never know Alice is sending a key, and therefore never warn her.
Of course she could use some secure side channel to tell Bob she's sending a key, but that could be hacked as well...

Re:It seems that you could detect this (2, Informative)

PseudonymousBraveguy (1857734) | more than 3 years ago | (#33414180)

Actually quantum crypto requires Bob to communicate with Alice over an authenticated channel anyways (e.g. to check which polarisation filter was used for each measurement, and to check for eavesdropper). This channel can trivially be used to signal failures and/or attacks. (However, quantum crypto does not tell you where to find a perfectly secure authenticated channel)
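
Added example (not from the article or any commenter): a toy Python model of the BB84 basis comparison and error check described in the comment above, comparing an ordinary intercept-resend eavesdropper with the detector-blinding case discussed in this thread. The function names, the lossless channel and the rule that a blinded detector clicks only when Bob's basis equals Eve's are modelling assumptions.

```python
import random

BASES = "+x"  # rectilinear and diagonal polarisation bases


def measure(bit, prep_basis, meas_basis, rng):
    """Ideal single-photon measurement: the preparation basis returns the
    encoded bit, the conjugate basis returns a coin flip."""
    return bit if prep_basis == meas_basis else rng.randrange(2)


def run_bb84(n_pulses, attack="none", seed=2010):
    """Simulate n_pulses of BB84 and return what Alice and Bob can observe,
    plus how much of Bob's sifted key Eve holds.

    attack: "none", "intercept-resend" (Eve forwards single photons to a
    working quantum detector) or "blinded" (assumed model: Bob's detector
    runs classically and only clicks when his basis equals Eve's).
    """
    if attack not in ("none", "intercept-resend", "blinded"):
        raise ValueError(f"unknown attack model: {attack}")
    rng = random.Random(seed)
    clicks = sifted = errors = eve_matches = 0
    for _ in range(n_pulses):
        a_bit, a_basis = rng.randrange(2), rng.choice(BASES)
        b_basis = rng.choice(BASES)
        e_bit = None
        if attack == "none":
            b_bit = measure(a_bit, a_basis, b_basis, rng)
        else:
            e_basis = rng.choice(BASES)
            e_bit = measure(a_bit, a_basis, e_basis, rng)
            if attack == "intercept-resend":
                # Bob's detector is still quantum: a wrong basis randomises.
                b_bit = measure(e_bit, e_basis, b_basis, rng)
            else:
                # Classical detector: Eve's result is copied or nothing clicks.
                b_bit = e_bit if b_basis == e_basis else None
        if b_bit is None:
            continue                      # no detection event for this pulse
        clicks += 1
        if a_basis != b_basis:
            continue                      # discarded when bases are compared
        sifted += 1
        errors += a_bit != b_bit          # what the eavesdropper check sees
        eve_matches += e_bit == b_bit     # what Eve actually knows
    return {
        "sifted": sifted,
        "qber": errors / sifted if sifted else 0.0,
        "eve_agreement": eve_matches / sifted if sifted else 0.0,
        # fraction of pulses that produced a detection (lossless channel)
        "click_rate": clicks / n_pulses if n_pulses else 0.0,
    }


if __name__ == "__main__":
    for mode in ("none", "intercept-resend", "blinded"):
        r = run_bb84(20000, mode)
        print(f"{mode:17s} QBER={r['qber']:.3f} "
              f"Eve holds {r['eve_agreement']:.0%} of sifted key, "
              f"click rate {r['click_rate']:.2f}")
```

In this model the error check over the authenticated channel catches intercept-resend (about 25% errors) but reports zero errors under blinding, so the detector's operating mode has to be monitored separately, as the comments suggest.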

Re:It seems that you could detect this (0)

Anonymous Coward | more than 3 years ago | (#33413390)

Dunno if Bob was transmitting to begin with.

Anyhow, Bob should be able to tell between the quantum and classic (fallback/compatibility?) mode and tell Alice which mode he's receiving the message in. (Perhaps by sending a parallel return signal that's either quantum or classic itself.) If Alice figures out that there's a mismatch between the way she's sending it and how Bob is getting it, then both Alice and Bob should know that the gig is up and perhaps Eve is lurking around somewhere.

As it is right now, Bob can't tell the difference and tell Alice what message mode he's getting. So they're both blind to whether or not Eve is listening. It's more of a [hardware/firmware/current implementation] failure than overall method failure.

So OK... (5, Funny)

hyades1 (1149581) | more than 3 years ago | (#33413188)

...maybe they've cracked it in this universe, but what about all the others?

Re:So OK... (3, Funny)

thijsh (910751) | more than 3 years ago | (#33413340)

I would take a look, but I'm too afraid I'll kill the cat... And you all know how much Slashdot-geeks love that inter-dimensional pussy.

Re:So OK... (0)

Anonymous Coward | more than 3 years ago | (#33413392)

I would take a look, but I'm too afraid I'll kill the cat...

Well, I chucked the cat into a wheely bin, and was afraid if I looked back and opened the lid that the cat would either be alive or dead. So I just walked on.

Re:So OK... (0)

Anonymous Coward | more than 3 years ago | (#33414166)

love that inter-dimensional pussy.

Ohhhh yeahhh... =D

Re:So OK... (1)

MarkRose (820682) | more than 3 years ago | (#33413762)

That's going to take some time. None of the other universes have sharks or ill-tempered mutant sea bass to control the lasers.

Re:So OK... (0)

Anonymous Coward | more than 3 years ago | (#33413776)

Fry: Far out! So there really is an infinite number of universes?
Professor Hubert Farnsworth: No, just the two.
Fry: Oh, well. I guess that's enough.

not really that bad (4, Informative)

mogness (1697042) | more than 3 years ago | (#33413204)

The problem isn't really with quantum encryption, it's with the technical implementation. And anyway, according to the article, they've already figured out a way to detect the hack and defeat it, so it's still pretty solid.

Makarov informed both companies of the details of the hack before publishing, so that patches could be made, avoiding any possible security risk.

Re:not really that bad (2, Funny)

DrXym (126579) | more than 3 years ago | (#33413322)

"And anyway, according to the article, they've already figured out a way to detect the hack and defeat it, so it's still pretty solid."

if (continuousLaserBeam) hack = true;

Re:not really that bad (2, Insightful)

boxwood (1742976) | more than 3 years ago | (#33413818)

Yeah the good guys inform the company of the hack. The question is how many bad guys were aware of this before now, and for how long?

It took these guys two months in a university lab to figure this out. How long do you suppose it took the NSA (and their counterparts in other countries) who have much bigger budgets?

This research proves that if you're using these devices, the NSA has your data.

Re:not really that bad (1)

DoofusOfDeath (636671) | more than 3 years ago | (#33414328)

they've already figured out a way to detect the hack and defeat it, so it's still pretty solid.

Perhaps, but there's a larger issue. Quantum crypto was supposed to be the end of the story, iirc. It was supposed to be theoretically impossible to crack. Discussion over.

Now, it appears that quantum crypto is engaged in the same kind of arms race that other crypto mechanisms are subject to. So it might be pretty solid, but it's apparently no silver bullet.

It is not quantum "crypto" (0)

Anonymous Coward | more than 3 years ago | (#33413226)

It is quantum-secure-transmission. That is, you theoretically detect (article notwithstanding) when somebody attempts to eavesdrop on your transmission. But the bits are plaintext (or encrypted by the start and end machines before the secure quantum transmission but not by the protocol itself).

Description of the hack by its authors (2, Informative)

romiz (757548) | more than 3 years ago | (#33413232)

There are some photographs of the hacked hardware and the hacking tools on the page [iet.ntnu.no] of the researchers.

A massive implementation flaw? (1)

Securityemo (1407943) | more than 3 years ago | (#33413236)

So, the attack works like this: the middle man sends a continuous laser down to one of the receivers, and simultaneously reads off the transmitted photons (disrupting their state). When "blinded" by this laser light, the receiver still reads the information from the transmitted photon data, but ignores its quantum state. I don't know the limitations and techniques behind constructing quantum-state detecting photon receivers, but this just has to be a flaw in this particular construction? Maybe the state detector gets overloaded? In any case, it seems the system has been "patched" already.

A new name (0, Funny)

Anonymous Coward | more than 3 years ago | (#33413256)

Quantum hackers?

Quackers!

Quantum is for Quacks (3, Funny)

Anonymous Coward | more than 3 years ago | (#33413270)

This is what you get when even educated men can't make sense of your technology.

Pretty obvious now we need to return to traditional cryptosystems such as rot13 etc.
Arguably not the most secure, but it is efficient. And for military use, where security
requirements are higher, triple-rot13 is an option.

Re:Quantum is for Quacks (1)

Antarius (542615) | more than 3 years ago | (#33413534)

Triple-rot13 just made me choke on my drink.


Posting this reply in Double-rot13 to ensure only the intended recipients can read it.

Re:Quantum is for Quacks (0)

Anonymous Coward | more than 3 years ago | (#33413822)

Nah, double should do it :)

You'd think double would be enough (1)

maweki (999634) | more than 3 years ago | (#33413826)

You'd think double would be enough

Re:You'd think double would be enough (1)

AbrasiveCat (999190) | more than 3 years ago | (#33414492)

Well, double for the military info. The bad guys would never figure out what we meant.

Re:Quantum is for Quacks (1)

whitesea (1811570) | more than 3 years ago | (#33413854)

This is what you get when even educated men can't make sense of your technology.

Pretty obvious now we need to return to traditional cryptosystems such as rot13 etc. Arguably not the most secure, but it is efficient. And for military use, where security requirements are higher, triple-rot13 is an option.

No, quadruple ROT-13 is the best.

Re:Quantum is for Quacks (0)

Anonymous Coward | more than 3 years ago | (#33414010)

The post above seems to be encrypted with ROT-26, I can't read it!

Sharks with Lasers (-1)

jewishbaconzombies (1861376) | more than 3 years ago | (#33413298)

Is there anything they can't do?

alice and bob (4, Funny)

brainscauseminds (1865962) | more than 3 years ago | (#33413402)

Poor Alice and Bob, they do not have a chance ever to live normal lives without hordes of geeky cryptographers debating/fighting over every bloody bit they exchange.

Re:alice and bob (1)

Provocateur (133110) | more than 3 years ago | (#33413596)

...until they met Ted and Alice, the couple that moved in next door. Then the sex became even more interesting.

(boy I feel so old)

Re:alice and bob (0)

Anonymous Coward | more than 3 years ago | (#33414306)

I thought next door was Carol and David? Maybe on the other side.

And the government... (0, Offtopic)

son.of.sun (1889694) | more than 3 years ago | (#33413414)

... enacts laws that the person must de-crypt the message if required or get jailed. Lazy bums.

Re:Công ty c phn tp oàn truyn thông (-1, Offtopic)

Fantastic Lad (198284) | more than 3 years ago | (#33413570)

Asian sales to the West are hurting, I guess, now that a third of Americans are looking seriously at homelessness.

I notice that this kind of spam is picking up in frequency, which is probably a kind of desperation tactic. I know that whenever possible I "Buy Western". It's actually not all that hard; just don't buy crappy, stupid things made in the East. If somebody started making computer parts over here, I'd be set.

Now if only we could take the psychopathic high business/political class who destroyed America and drown them in the lifeless waters of the Gulf of Mexico, the world would be set!

Looks like the water viscosity of the Gulf has caused the Gulf Stream circuit to collapse. For real. Who knows how this will fuck up the planet, but it appears that this is the other shoe dropping. Ice Age, here we come!

Have you shot a psychopath in the head today? (You know, for killing us all?)

-FL

quantum hackers? (1)

dominious (1077089) | more than 3 years ago | (#33413456)

oh boy, am I getting old?

Re:Thuc pham chuc nang (1)

VincenzoRomano (881055) | more than 3 years ago | (#33413486)

Really neat, really.

Re:Thuc pham chuc nang (1)

couchslug (175151) | more than 3 years ago | (#33413554)

Where's an Arc Light strike when you need one?

Is anyone REALLY surprised? (1)

Phoenix (2762) | more than 3 years ago | (#33413480)

And here is the biggest problem with dealing with anything that evolves. Someone or something else will come along and evolve a way to defeat it. This happens in the world of biological viruses and bacteria, this happens in the world of animals, this happens in the world of Electronic Viruses and Spyware, and this happens with encryption.

I remember when the contest was to crack either the 56-bit or the 64-bit (do not remember exactly which) and it was done in a matter of days and not the years it was thought of happening in.

I remember when 8 character alpha numeric passwords were thought to be enough to be secure.

My brother-in-law at the NSA who works on securing the Government's firewalls says that it is an uphill battle at best.

I can honestly say that none of the stories of anything getting cracked surprises me any more. It seems that it is not a question of "if" it can be cracked, but "when" and "how quickly".

Re:Is anyone REALLY surprised? (1)

Fnord666 (889225) | more than 3 years ago | (#33413516)

And here is the biggest problem with dealing with anything that evolves. Someone or something else will come along and evolve a way to defeat it. This happens in the world of biological viruses and bacteria, this happens in the world of animals, this happens in the world of Electronic Viruses and Spyware, and this happens with encryption.

Except that in cryptography that doesn't always happen [wikipedia.org].

Re:Is anyone REALLY surprised? (1)

luther349 (645380) | more than 3 years ago | (#33413622)

Agreed. Any sort of crypt can eventually be cracked. It's just how it is.

There's still better privacy (1)

VincenzoRomano (881055) | more than 3 years ago | (#33413492)

Don't write or talk anything. None will intercept it.

Obligatory (1, Funny)

ewhenn (647989) | more than 3 years ago | (#33413614)

There is a crack, a crack in everything, that's how the light gets in.

Can we get truth in advertizing? (1)

BlueCoder (223005) | more than 3 years ago | (#33413616)

How about hacked quantum systems downgraded to std transmission?

There was no hacking of quantum crypto here.

Why 'hackers' and not 'researchers'? (5, Insightful)

RevWaldo (1186281) | more than 3 years ago | (#33413618)

Even respecting the working-all-day-and-night-in-the-basement-computer-lab origin of the term, using 'hacker' in the article seems like a blatant attempt to jazz it up, making it at first glance seem to be more about something akin to a bank heist than a story about funded researchers working in a university lab trying to find flaws in a security system, with the manufacturer's full approval to boot.

.

The USA Industry & Congress.... (1)

OldHawk777 (19923) | more than 3 years ago | (#33413638)

The USA Defense Industry and Congress will write a law that will prevent anyone (except .Com, .Gov & .Mil) from criminally hacking qEncrypt, making USAll safe from Norwegian Hacker Scientist. Also, US, EU, RU, CN... people and governments will be happy to comply with more legal control.

%~P=WeRFycked+*

no trace (1, Funny)

Anonymous Coward | more than 3 years ago | (#33413970)

'they have fully cracked their encryption keys, yet left no trace of the hack.'

It is only because nobody recognized the couple of fins lying around as evidence.

Tank (2, Funny)

Anonymous Coward | more than 3 years ago | (#33414058)

Unfortunately, not everyone has the space required for an aquarium to contain the sharks with those fricken lasers.

Quantum Key Generation (1)

Doc Ruby (173196) | more than 3 years ago | (#33414242)

I'm more interested in quantum computing to generate encryption keys that can't be broken by other quantum computing. Is there even a theoretical model for that?

Article Makes No Sense (4, Interesting)

SeekerDarksteel (896422) | more than 3 years ago | (#33414298)

The article is either missing massive details or these researchers are vastly overstating the power of their technique. The entire _point_ of quantum key exchange is that if Eve intercepts the signal she cannot tell if she read a 0 or a 1 because she does not know which basis the 0 or 1 was generated in. Even IF Eve passed a 1 along every time she read a 1, when Alice and Bob go to do the basis comparison over the standard channel they will notice errors because Eve read the signal in the wrong basis and passed along an incorrect value.

I've tried reading the actual journal paper, but unfortunately they just seem to handwave this problem away. Maybe there's a reason they can, but it's sure as hell not explained as far as I can see unless they're assuming Eve has also compromised the classical channel as well as the quantum channel.
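
The basis-comparison check described in the comment above, as an added example (not part of any comment in this thread and not the researchers' code): a toy BB84 simulation with ideal detectors in which Eve intercepts and resends a fraction of the pulses, and Alice and Bob estimate the error rate on a disclosed sample of the sifted key. The function names, the seed and the 11% abort threshold are assumptions of the example.

```python
import random

ABORT_QBER = 0.11  # assumed abort threshold (commonly cited BB84 bound), not from the page

def measure(bit, prep_basis, meas_basis, rng):
    """Matching basis returns the encoded bit; a mismatched basis returns a coin flip."""
    return bit if prep_basis == meas_basis else rng.getrandbits(1)

def run_bb84(n_pulses, intercept_fraction, rng):
    """Simulate n_pulses and return Alice's and Bob's sifted keys."""
    alice_key, bob_key = [], []
    for _ in range(n_pulses):
        a_bit, a_basis = rng.getrandbits(1), rng.getrandbits(1)
        bit, basis = a_bit, a_basis  # state travelling on the quantum channel
        if rng.random() < intercept_fraction:
            e_basis = rng.getrandbits(1)  # Eve has to guess the basis
            bit = measure(bit, basis, e_basis, rng)
            basis = e_basis  # she resends in the basis she guessed
        b_basis = rng.getrandbits(1)
        b_bit = measure(bit, basis, b_basis, rng)
        if b_basis == a_basis:  # bases are compared over the classical channel
            alice_key.append(a_bit)
            bob_key.append(b_bit)
    return alice_key, bob_key

def estimate_qber(alice_key, bob_key, sample_size, rng):
    """Disclose a random sample of sifted positions and return the error fraction."""
    positions = rng.sample(range(len(alice_key)), min(sample_size, len(alice_key)))
    if not positions:
        raise ValueError("sifted key is empty, nothing to sample")
    errors = sum(alice_key[i] != bob_key[i] for i in positions)
    return errors / len(positions)

def channel_check(intercept_fraction, n_pulses=20000, sample_size=2000, seed=1):
    """Return (qber, accepted) for one constructed run."""
    rng = random.Random(seed)
    alice_key, bob_key = run_bb84(n_pulses, intercept_fraction, rng)
    qber = estimate_qber(alice_key, bob_key, sample_size, rng)
    return qber, qber <= ABORT_QBER

if __name__ == "__main__":
    for fraction in (0.0, 0.5, 1.0):
        qber, accepted = channel_check(fraction)
        print(f"intercepted={fraction:.0%} qber={qber:.3f} accepted={accepted}")
```

With ideal detectors, full interception puts roughly a quarter of the sifted bits in error, which is why the check fails loudly in the textbook protocol.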