theres loopholes in everything and usually it takes an idiot to find a loophole that a genius put in by mistake, thats where this will fail.

KainXS

hmmm, i wont bother to ask anyone to dumb that down for me, since I will assume;

- its gonna be real expensive
- its marketed by "Scientists"
- it will be hacked in less than 2 weeks

Yetibelle

Sadly, all encrypted messages can be accessed by answering a personal security question.

Hiphopopotamus

Trust me, being able to 'hack' into this network would have much less to do with being a hacker and a lot more to do with having genius class intellect with a penchant for quantum information.

PhysicsMan

I have no idea what this means:)
www.hdupdate.com

alohrey

[frontalot.com]

Valicious

@alohrey: basically it means that my trying to access the network you disturb the information you are trying to get at...

like trying to collect gas... it is going to be disturbed simply by trying to collect it

purple-pillows

Quantum cryptography generally relies on the spin state of the particle to encode data. Here it sounds like they are not only encrypting the data using inherent physical properties, they are then using the uncertainty properties to make sure that the connection is secure. Every time you measure a particle, you collapse the range of values down to one. As time goes on the range expands again, so essentially if someone else were to measure the photons (which they'd have to do to intercept messages) you could could see this change.

Turkeyloafer

@Yetibelle: It will be hacked due to implementation but the principle which underlies it is rock solid. It just follows that the attempt to measure anything will change in that which you seek to measure.

For a simple example, when you use a thermometer to check body temperature the act of placing a room temperature thermometer in the mouth will alter your results ever so slightly. It may be negligible but it is there. The only way to measure the temperature without altering the subject is to know the temperature beforehand so you heat the instrument to the temperature you are attempting to measure. But obviously you cannot know the temperature you are measuring or there would be no point in measuring it.

Basically the act of measuring something will change it in some way and therefore you cannot truly measure anything.

sxr7171

@Git Em SteveDave loves this guy-->: Hey I remember that show. It was called Quantum Load, right?

Jrsy is the dude, playing the dude, disguised as another dude

Theorizing that one could encrypt porn for more than a lifetime, Dr. Samuel Becket stepped into the Quantum Encryption Accelerator and vanished. He woke to find himself trapped in the past, unable to access internet porn and driven by an unknown force to search for stranger and stranger porn. His only guide on the journey is Ron, a porn star from his own time, who appears in the form of a hologram, with a huge organ that only Sam can see or hear. And so Dr. Beckett finds himself flipping through magazines and more magazines, striving to find the pornography that is so wrong, and hoping each time that the next password will unlock his porn.

+ Watch video

Git Em SteveDave loves this guy-->

@sxr7171: laser thermometer?

cpthook

@redkamel: I meant Schroendingers cat, not the Heisenberg...

redkamel

@Git Em SteveDave loves this guy-->: oh man that was a great comment....it reminds of this comic

[www.villagevoice.com]

unfortunately, I am the only person I know in meatspace who though it was funny because of the Heisenberg Uncertainty Principle.

For people still mixed up, I'll TRY to clear it up. As I understand it, the theory this encryption works on is roughly like this: the act of measuring changes your item. For example, sticking a thermometer in a tub of water will change the temperature (because the thermometer is hot or cold, and inserting it imparts some energy, and it even moves some water around, possibly moving more heat to the surface to be dissapated etc etc). A laser thermometer will also impart energy. So if someone had a good enough detector that was always on, they could know if anyone tried to stick a thermometer in the pot of water because they would see its energy change. Its a little different for photons than a pot of water, but the same idea.

redkamel

@Yetibelle:

Just to point out that quantum cryptography has been around for a few years, and I believe that there are a few companies (such as magiqtech and id Quantique) that sell such systems. If I remember correctly, they sell the equipment for $10's or $100's of thousands of dollars which isn't so expensive for businesses like banks.

As to your second point, I don't know why you put scientists in quotations. There's science behind the products, and it's mathematically proven. Would you rather it being peddled by "marketers"?

As to your final point, once the key is made it is not possible to hack. Because each individual bit is generated randomly... there is no math involved and hence no processing involved to decipher the key. That being said it is possible to tamper with quantum key distribution system. Depending on which QKD encoding (phase or polarization are the two I know of) there are different way to do that. One of the main ideas though, is that once the key is made, the information encoded using the key is secure now and forever. So if I were to send an encrypted file of highly sensitive data (nuclear tech for example) to someone such as the pentagon, and that file were to fall into the wrong hands... it would be impossible to crack. By impossible I mean they would literally have to guess the encryption, and the encryption can be as long as I want. So the probability of guessing the right key would be 1/(2^n).

The final point is that in the U.S. at least, this will not be for the layman since the government will want to have to option of decrypting our e-mails, bank account numbers, and whatever else we send over the internet. But they will gladly use it because everything they encrypt now can be broken very quickly by a quantum computer... if they every become a reality.

Whoopsi

Unbreakable like the Titanic was unsinkable.

TheMurderer

So, if I forget my password, is killing a cat the only method to retrieve it?

dialing_wand

Dammit! You changed the outcome by measuring it!

madog

@TheMurderer: Bad analogy: no biscuit.

It's slowly sinkable for has broken versus not yet fast enough breakable not to get sinkable.

Valicious

@dialing_wand: Not knowing whether it's dead might be of use.

Valicious

@Hiphopopotamus: Yeah, but seriously, it's not like someone can find out my mom's maiden name.

...right?

unibrow4o9

...which will all be moot because the billion dollar CEO will put his passwords on a post it note on his monitor.

razordu30

@Valicious: Since its made by people someone made a mistake somewhere. First, based on what I understand of the concept, the receiver needs a device that can detect changes in the photons being sent. A device that could also be used by and interceptor and then using a different device he could also recreate the photons. Somewhat unlikely. More likely though is that a definition of the state of the photons has to be shared between machines as well so each machine knows what to expect from each photon and if one machine detects a change it has to be able to tell the other machine to stop transmitting, which could also be taken advantage. From what I understand there is no change in the actual encryption method just in eavesdropping detection. Sounds like there are enough holes for someone smart enough to exploit

Zomb

Do you people even hear yourselves?

Cryptography is never unbreakable. Given enough time, even the simplest brute force method will eventually find the key. The point is to keep a message secret long enough that by the time you break it, the message's secrecy has no value.

The only known "secure" cryptography involves one-time pads. Completely random, never reused, the key changes for every message. And depending on the length of the key, might still be vulnerable to plaintext attacks, not to mention accidents in the randomness in generating the pads, or the problem of key distribution. And yes, until we prove quantum entanglement, man in the middle attacks will still exist (again, how do you get quanta A entagled with quanta B remotely?)

Quantum encryption by my understanding is a way of solving the key distribution problem that one-time pads face. Getting the key from side A to side B isn't guaranteed, it's just that side B would know if anyone else had peeked at it along the way, thus making the seed values untrustworthy.

Maybe I need to go brush up on my Heisenberg, but him postulating that there's no way for anyone to know the exact position in space of a given atom questionably adds to the security of the spin of a quanta.

transiit

Quick wikipedia refresher on quantum cryptography:
"Quantum cryptography, or quantum key distribution (QKD), uses quantum mechanics to guarantee secure communication. It enables two parties to produce a shared random bit string known only to them, which can be used as a key to encrypt and decrypt messages.

An important and unique property of quantum cryptography is the ability of the two communicating users to detect the presence of any third party trying to gain knowledge of the key. This results from a fundamental part of quantum mechanics: the process of measuring a quantum system in general disturbs the system. A third party trying to eavesdrop on the key must in some way measure it, thus introducing detectable anomalies. By using quantum superpositions or quantum entanglement and transmitting information in quantum states, a communication system can be implemented which detects eavesdropping. If the level of eavesdropping is below a certain threshold a key can be produced which is guaranteed as secure (i.e. the eavesdropper has no information about), otherwise no secure key is possible and communication is aborted.

The security of quantum cryptography relies on the foundations of quantum mechanics, in contrast to traditional public key cryptography which relies on the computational difficulty of certain mathematical functions, and cannot provide any indication of eavesdropping or guarantee of key security.

Quantum cryptography is only used to produce and distribute a key, not to transmit any message data. This key can then be used with any chosen encryption algorithm to encrypt (and decrypt) a message, which can then be transmitted over a standard communication channel. The algorithm most commonly associated with QKD is the one-time pad, as it is provably secure when used with a secret, random key[1]."

What it means in the real world, using quantum cryptography the MOST risky part of the encryption process (the sharing of keys, the establishment of a web of trust) is bypassed.

Furthermore as transiit states, its not unbreakable, its just that eavesdropping on the key exchange is detectable, and a new more secure key can be "issued" and so on.

But its not encryption per se, its just a way of choosing keys for encryption. so the encrypted part is just as vulnerable to brute forcing as it is today.

BTW: Heisenberg said that you could know either the speed or position but not both. it introduced the notion that the observer changes that which is observed.

Tensor

I may be a dumbass, but what does that mean in proper English?

michaelleung

Quantum key distribution is indeed theoretically secure. A good place to start if you want to understand why is to look up the "no cloning" theorem. To sum up (princess bride style), it is physically impossible to measure all aspects of a single photon at the same time. You can make a measurement that gives you partial information about that photon, but partial information isn't enough to make a perfect copy.

This inability to make perfect copies is what quantum encryption of the sort being used here exploits. If you establish a key using one single photon per bit, the eavesdropper can't just remove some photons from the link and measure them the way she could with a classical signal that has many identical photons representing each bit of information. If a photon doesn't arrive at the recipient, the people communicating can't use it as part of their key. If the eavesdropper tries to clone and resend some of the photons she intercepts, those single photons will not be perfect copies of what the sender sent. The receiver will make measurements that are impossible based on what was sent by the sender and the eavesdropper will be detected.

Of course, practically secure isn't quite the same as theoretically secure. Building any real world system involves making compromises that can result in exploitable weaknesses. However, the sort of exploits we're talking about are not the sort a group of script kiddies are going to bash out in a couple weeks.

I do think Quantum encryption is going to be very important in the near future since practical quantum computers will basically render classical encryption schemes useless. However, there are big problems that still need to be overcome. Perhaps the most urgent one, at present, is finding a way to build practical quantum memory units. Current QKD networks are limited to about 150km before loss in the fiber becomes too large to establish a secret key, and at these distances the secret key data rate is truly pathetic. (a 28K modem is orders of magnitude faster!) With quantum memory you can build quantum repeater networks that will solve this. In such a network, you won't actually have to trust the repeaters, unlike current QKD networks in which, if you aren't communicating over a direct link, you have to trust the node in between you and who you're talking to. Not surprisingly, quantum memory is one of the hot research topics at present, and a variety of groups around the world are working on the problem using a wide range of approaches.

CircusSeal

nothing is Unbreakable!
quantum computers will be, so we've back where we started...

normalEncryption-normalComputers EQUALS quantumEncryption-quantumComputers

shpe11

@Zomb: Since the iceberg wasn't Yeti-carved *unless [uncyclopedia.org] it couldn't have had that pitcher/catcher relationship with that boat we people have upon it.

Sometimes , a bug is a feature.

Valicious

@michaelleung the short answer is that crypto is a hard problem. the smart-ass answer is that I'm glad somebody found some corroborating evidence so I didn't come off as an idiot. the hard answer...well....

Here's the thing. No crypto system is perfect. Even a fully randomized one-time pad will eventually can eventually be guessed. Crypto is useful because we figure that if the number of guesses it takes to find the key takes long enough that whatever you're trying to hide isn't worth hiding by the time somebody guesses the magic number, then it's basically a good system.

But there's a lot of pitfalls in crypto systems. If somebody finds a mathematical shortcut that reduces the number of guesses they have to make for the magic number, then they've cut the time down between solving the puzzle and the amount of time you want to keep whatever secret.

Some of these shortcuts rely on things like statistical analysis. If you know that some letters (say, "R, S, T, L, E") show up more often in plain text than others, you can start looking for patterns. If you know that an email always begins the same way (Like "From: michaelleung@wherever.net"), then you can make some guesses at what the magic number would be to take that known text and turn it into "AAGDAJSDJFASDFASDJAS"

If you keep using the same magic number over and over again, you increase the chance that somebody will notice a pattern. If the magic number isn't long enough to mask the entire message, you're basically reusing it.

So the "secure" way is to find a magic number that is fully random (computers aren't good at random. a lot of attempts at getting them to spit out random numbers have produced results that can be reliably guessed), then you reduce the chances that somebody will guess the magic number. The problem is, how do you get the secret number to the recipient without somebody else sneaking a peek at it between you and them?

Public key cryptography went a long way towards solving that problem, and it largely did it by using math that was easy one way, but hard the other. If I asked you to multiply 73 x 23, it wouldn't be a huge challenge for you to say "1679. duh." But if I asked you what two numbers multiplied gave you 536821761, it would take you a little longer (it's 16,383 x 32,767, for what it's worth). Those are small numbers. Try solving the problem for numbers hundreds of digits long. Not so easy, right?

But the eggheads are good at that. They find shortcuts to solve the problem, or they run projects (*cough* distributed.net *cough*) that get lots of people with lots of machines solving the problem in brute force in parallel.

The thing about quantum cryptography is that you can theoretically encode a number based on the spin of a photon. Due to math that's way beyond my pea-brain, they can prove that observing the way that photon is spinning will fundamentally change how it spins, so much so that you can detect on the other side that somebody peeked at what the value was. It has more to do with a guy named Schrödinger and a bunch of undead cats than Heisenberg.

So if you don't have to rely on "hard to solve" math problems being your weakness and can send a highly-random magic number instead (with some mechanism to know it got there safe and sound), then quantum crypto is your friend.

But chances are good that somewhere or somehow, somebody involved in the exchange did something that made it less than perfect.

Like I said, crypto is a hard problem. There's a lot of ways to get it wrong.

transiit

@PhysicsMan: Thank you! "Hack" is the wrong verb. Thousands of mathematicians and Physicists have been working on this tech for decades. If anyone finds an exploit in this implementation of quantum encryption it will be an academic, not some 13 year old dweeb hacker in his spare time between jerk sessions at fartnation.com.

Holyelephant

Forgive me for asking this, but can someone explain why an eavesdropper can't just recreate the intercepted signal?

xanderbeedle

@transiit: The whole point of the one time pad is that you can 'crack' the key in any way you want. I could send you Pi to a million places and someone could brute force a key that reveals the first million characters of the works of Shakespeare. Of course it could *eventually* be cracked, but how the hell are the crackers going to distinguish that one real answer with every single other legitimate answer they worked out? You might as well just guess an answer that is the right length.

If the key is truly random (using input data from some chaotic system like a marble in a tumble dryer or radiation from a source) then the one-time-pad system that is used in quantum crypto is completely secure.

xanderbeedle

@shpe11: Flawed logic you hick. just because both have the fancy 'quantum' word in front of them, doesn't mean they are as powerful as each other and thus the future equivalent of what we have now.

xanderbeedle

The SUREST way to get someone to do something is to tell them it cant be done. Human nature.

Curves

Ahem.

[www.tgdaily.com]

Quantum encryption has already been hacked! :)

malcs

@Curves: "...in Hollywood movies".

Wow, I think I just invented a new variation on the Fortune Cookies game. You can take almost any unsupported wild-ass assertion, add "...in Hollywood movies" on the end, and you've got a script idea. Cool.

theczardictates

>@transiit: Do you people even hear yourselves?

No, I can't hear anything over the noise of people who have no idea what they are talking about, yet post their assertions on how easy quantum cryptography will be crack. (Hint: idiots find flaws in systems designed by smart people all the time... in Hollywood movies).

That's what I love about the Internet: so much information readily at hand, so little willingness to go read any of it before posting "this won't work!!@!"

theczardictates

I'll give it till Tuesday.

EVEs_Mako

@KainXS: Please let us know when you find it then.

broho

@Holyelephant:
I really hope you're wrong and it is some 13 yr old, acne ridden, basement dwelling kid who cracks this.

Its just so much more poetic to see milions of dollars of research and thousands of hours of work by scores of Ph-D-ed researchers thwarted by the ingenuity of a pre-teen!

Rustabout

Right, and the Titanic was unsinkable.

Never believe anybody who boasts about their own stuff.

EricAlder

Perhaps uncrackable but not un-interruptable. If my computer had to reroute it's secure connection everytime someone tried to hack into it I wouldn't get anything done.

Navin R Johnson

@malcs: By a student. With lasers. That's made of awesome.

Gann

@theczardictates: I always preferred "..and hijinks ensue."

Git Em SteveDave loves this guy-->

isnt this like the Titanic claiming to be unsinkable?

I see a 12 year old geeky iceburg coming....

MFlick

While I agree that nothing will be "unbreakable" do you think that it is possible that some encryption will require enough computational complexity that breaking it is impractical (something that would take 1000 years to break, taking into account advances in processing)?

DorkRawk

@Rustabout:

It may well be an acne-ridden 13-year old, but make no mistake; he'll have to be a genius on the level of John Nash with a deep understanding and insight of creation greater than Niels Bohr and Werner Heisenberg.

Citizen Kang

It may be readable, but it will ALWAYS detect activity.

metaslugx

there are so many phases the information has to go through before and after transmission and all of those phases would be more prone to hacking.

When was the last time you've heard about anyone cutting an internet cable to in order to tap in? Now compare that to giving away T-shirts to get people's passwords or the number of email viruses out there

Raidah

@PhysicsMan: Not really. Social skills employed in creative ways can also do.

Raidah

@broho: It's called the "idiot end-user". Once that info has been received, odds are the content will be compromised. The end-user is where most security is compromised.

Now, if you were required to wear quantum eye glasses to view that data, we are talking a whole different game.

FrankenPC

I found a link from Cryptome's website already stating they think they can break this. Here's the Article that says it, Its a pdf. http://arxiv.org/ftp/arxiv/papers/0809/0809.3408.pd Here's another link http://www.tgdaily.com/index2.php?option=com_content&task=view&id=39599&pop=1&page=0&Itemid=108 It sounded like a good idea. I'm not convinced yet.

WaltonNatta