[146756] in cryptography@c2.net mail archive
Re: [Cryptography] Why prefer symmetric crypto over public key
daemon@ATHENA.MIT.EDU (Ray Dillinger)
Sat Sep 7 16:34:30 2013
X-Original-To: cryptography@metzdowd.com
Date: Sat, 07 Sep 2013 13:01:53 -0700
From: Ray Dillinger <bear@sonic.net>
To: cryptography@metzdowd.com
In-Reply-To: <D64757F5-D269-45AB-9309-23BE06310E7B@cs.ru.nl>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
On 09/06/2013 06:13 AM, Jaap-Henk Hoepman wrote:
> In this oped in the Guardian
>
> http://www.theguardian.com/world/2013/sep/05/nsa-how-to-remain-secure-surveillance
>
> Bruce Schneier writes: "Prefer symmetric cryptography over public-key cryptography." The only reason I can think of is that for public key crypto you typically use an American (and thus subverted) CA to get the recipients public key.
>
> What other reasons could there be for this advice?
>
I think we can no longer rule out the possibility that some attacker
somewhere (it's easy to point a finger at the NSA but it could be
just as likely pointed at GCHQ or the IDF or Interpol) may have
secretly developed a functional quantum computer with a qbus wide
enough to handle key sizes in actual use.
And IIRC, pretty much every asymmetric ciphersuite (including all public-
key crypto) is vulnerable to some transformation of Shor's algorithm that
is in fact practical to implement on such a machine.
Bear
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
