• "First and foremost, there is no proper excuse for continued use of a broken cryptographic primitive (MD5) when sufficiently strong alternatives are readily available, for example SHA-2. Secondly, there is no substitute for security awareness." ... "Advice from experts should be taken seriously and early in the process. In this case, MD5 should have been phased out soon after 2004."

    Alexander Sotirov, Marc Stevens, Jacob Appelbaum, Arjen Lenstra, David Molnar, Dag Arne Osvik, Benne de Weger, "MD5 considered harmful today - Creating a rogue CA certificate", December 2008
  • "There is a good chance that large quantum computers can be built within the next 20 years.  This would be a nightmare for IT security if there are no fully developed, implemented, and standardized post-quantum signature schemes."

    Prof. Johannes Buchmann, et al, “Post-Quantum Signatures”, Oct 2004, Technische Universität Darmstadt

  • In the next five years we will counter many 'hacker' attacks but we will not be safe from Nation States and other large entities

    Brian Snow, Former Technical Director of the US National Security Agency (NSA), "We need assurance!", 1999-2008

quote: Brian Snow, Quantum computers flat-line RSA, D&H, and ...

So the threat to cryptography is well understood due to work by Peter Shor and others. A symmetric algorithm like AES or other standard crypto processes is cut (of) key-size in half, which is a dramatic reduction. It reduces AES on 128 (bit key) to 64 bits, a DES equivalent. We don’t need it.

So during the AES competition we put in an insurance policy. It was the right thing to do, because it had not yet been built and you have to take care of what you can think of in the long range future. If quantum computing came to be, they said put in a key size 256 (bits). We don’t need it now, it's an absurd number, alright, but if quantum computing comes to be, it drops us to 128, a nice healthy number, still quite useable thank you, we can keep going and it's no longer a threat.

So it was a marvelous response to quantum computing.

Now for key management purposes, against the RSA and the Diffie-Hellman and stuff, they flat-line under a quantum computer. It’s not just a cut (of) the key size in half.

Brian Snow, Former Technical Director of the US National Security Agency (NSA), Public Key Cryptography 30th Anniversary Conference, Dec 2006

 
