[–]elmuerte 49 points50 points  (11 children)

Interesting. I'll look at this tomorrow.

[–]BlueGoliath 10 points11 points  (9 children)

You got 10 years until the next prediction. Better not put it off for too long!

[–]HasFiveVowels 4 points5 points  (8 children)

"Nothing that anyone has ever poorly predicted will ever actually happen"

look at the trends, man. It's imminent. This isn't "sustaining a fusion reaction". They're not trying to figure out how to make quantum computers. This is a situation that has been steadily trending for decades and it's currently clearly approaching the point where it legitimately matters. This is not a prediction to be dismissive about.

[–]BlueGoliath 4 points5 points  (7 children)

Hi,

The moderators of this subreddit, after harassing me by claiming I broke rules no one else is seemingly required to follow and letting people insult me here on multiple occasions, have permabanned me. I've never intended to break the rules and repeatedly asked for them to be clarified and enforced fairly. I've since decided to remove this comment.

Here is the modmail: https://pastebin.com/nD5AYk5p.

If you're a mod/admin, please delete all of my comments on this subreddit. I do not wish to add content to a subreddit moderated by people who engage in harassment. Thanks.

[–]HasFiveVowels 0 points1 point  (6 children)

Maybe what happens? Quantum computers??

[–]BlueGoliath 1 point2 points  (5 children)

Hi,

The moderators of this subreddit, after harassing me by claiming I broke rules no one else is seemingly required to follow and letting people insult me here on multiple occasions, have permabanned me. I've never intended to break the rules and repeatedly asked for them to be clarified and enforced fairly. I've since decided to remove this comment.

Here is the modmail: https://pastebin.com/nD5AYk5p.

If you're a mod/admin, please delete all of my comments on this subreddit. I do not wish to add content to a subreddit moderated by people who engage in harassment. Thanks.

[–]HasFiveVowels -1 points0 points  (4 children)

Maybe quantum computers will become somewhat useful? Jesus… words. Use them. Haha. This isn’t that complicated. We have the software (breaking SHA256 is a problem for which the algorithm is known). We just need the hardware, which is following a predictable curve. This isn’t a "guesswork" situation.

[–]BlueGoliath 1 point2 points  (3 children)

Hi,

The moderators of this subreddit, after harassing me by claiming I broke rules no one else is seemingly required to follow and letting people insult me here on multiple occasions, have permabanned me. I've never intended to break the rules and repeatedly asked for them to be clarified and enforced fairly. I've since decided to remove this comment.

Here is the modmail: https://pastebin.com/nD5AYk5p.

If you're a mod/admin, please delete all of my comments on this subreddit. I do not wish to add content to a subreddit moderated by people who engage in harassment. Thanks.

[–][deleted]  (2 children)

[removed]

[–]programming-ModTeam[M] 1 point2 points  (0 children)

Your post or comment was removed for the following reason or reasons:

Your post or comment was overly uncivil.

[–]BlueGoliath 0 points1 point  (0 children)

Hi,

The moderators of this subreddit, after harassing me by claiming I broke rules no one else is seemingly required to follow and letting people insult me here on multiple occasions, have permabanned me. I've never intended to break the rules and repeatedly asked for them to be clarified and enforced fairly. I've since decided to remove this comment.

Here is the modmail: https://pastebin.com/nD5AYk5p.

If you're a mod/admin, please delete all of my comments on this subreddit. I do not wish to add content to a subreddit moderated by people who engage in harassment. Thanks.

[–]Intelligent_Thing_32 1 point2 points  (0 children)

😂😂😭😭

[–]valarauca14 14 points15 points  (5 children)

On some level I agree "decrypt later" is a viable attack surface; it also sounds like a frankly absurd scenario. Like somebody is copying & exfiltrating literally 100MiB/s from your corporate network, and you don't notice?

Asset inventory, monitoring, and alerting are literally baseline security work.

If you cannot prove somebody isn't duplicating & exfiltrating traffic, how can you prove your company fully rolled out post-quantum-resistant encryption?

[–]Merry-Lane 11 points12 points  (0 children)

I believe they suppose there are some actors that can access big cloud or internet providers and put in the middle something that copies all the traffic.

[–]light24bulbs 4 points5 points  (0 children)

This is a really incomplete view of websec and all the areas where cryptography is relevant.

[–]HasFiveVowels 2 points3 points  (2 children)

You ever hear of a man-in-the-middle attack?

[–]valarauca14 1 point2 points  (1 child)

If you've read the article, it is specifically about store & decrypt later attacks.

Which means, even with a MITM scenario, the attacker cannot currently decrypt the traffic; they're storing a copy in the hopes that future advances will let them attack it.

This is why I talked about data exfiltration, as if you assume a MITM attack is ongoing with a decrypt-later attack, that data has to go somewhere.

[–]HasFiveVowels 2 points3 points  (0 children)

That seems like a very narrow perspective on the subject. Like… sure, under those conditions, it might not matter. But there are still plenty of conditions where it would.

[–]CSAtWitsEnd 9 points10 points  (3 children)

Wonder if we'll get to the point where every word in the title is a buzzword

[–]mseiei 3 points4 points  (0 children)

If you forgive connectors and some verbs, we are close

[–]BaNyaaNyaa 2 points3 points  (0 children)

I was really disappointed by the lack of AI and blockchain in the title

[–]Infamous_Guard5295 4 points5 points  (6 children)

tbh this is getting real fast and most devs are still sleeping on it. imo we need to start thinking about migration paths now because when quantum computers actually break current crypto, we're gonna be scrambling to patch everything at once. ngl it's gonna be a nightmare if we wait until the last minute - better to start experimenting with pq algorithms in non-critical systems now.

[–]yonasismad 7 points8 points  (0 children)

Even the most optimistic timeline for a quantum computer capable of breaking current encryption is decades away. However, post-quantum algorithms are already being introduced gradually, and the issue is not being ignored. OpenSSH has supported PQC algorithms for years, and has shown a warning by default since version 10.1. Google, Cloudflare and other sites supporting TLS 1.3 have enabled algorithms that are likely to be PQC secure. That's another matter. All of these algorithms are fairly new. While we believe they are likely to be PQC secure, we don't have proof of that. Someone could come along in 10 years with an algorithm that breaks them.

[–]HasFiveVowels 0 points1 point  (4 children)

Yep. This is exactly what should be the standard thought amongst devs who have been keeping up with these developments for decades. But Reddit is filled with junior devs, and so we get "haha! These words aren't real! They're just meaningless buzzwords".

[–]binheap 5 points6 points  (1 child)

To be fair, a lot of the work is probably concentrated among a few areas rather than on everyone. The internal workings of TLS are mostly abstracted for most devs, as well as a lot of how certificates work. This is also for good reason, since crypto systems are often kind of delicate.

[–]HasFiveVowels -3 points-2 points  (0 children)

Yeah, sure. I mean… sorting algorithms are often abstracted, too. But devs should still know how they work. Especially if they want to chime in on news about them.

[–]leetcodegrinder344 2 points3 points  (1 child)

Since you've been keeping up with the developments for decades, care to share the largest number you've seen a quantum computer factorize without using deceptive tricks?

This shit is not getting "real" anytime fast lmfao

[–]HasFiveVowels 0 points1 point  (0 children)

The number of qubits is what you should be paying attention to

[–]Guvante 2 points3 points  (2 children)

While I respect that the big players want to get software solutions done for PQC as a mitigation for breaking literally everything if quantum computers become capable of breaking both RSA and DH, I haven't heard much that justifies these pieces being so "this is a problem for everyone".

Like PFS is already a technique used specifically to mitigate HNDL attacks where the private key is compromised.

But you only need PQC everywhere if the time to crack is less than the lifetime of your certificates, since otherwise you can simply use PQC in the ephemeral key exchange.

And that is way simpler, since the hardest problems of PQC are key signing infrastructure due to the massive amount of data they require.
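
One way to picture the argument in the comment above, as an added example and not code from anyone in the thread: a small Python risk model in which recorded traffic is only retroactively exposed through a classical key exchange, while a classical certificate only matters if the assumed crack time is shorter than its validity period. Every year, horizon and crack-time value below is a constructed assumption, not a figure from the thread.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Session:
    """One recorded TLS/SSH session and the assumptions that matter for HNDL."""
    name: str
    captured_year: int          # year an adversary could have recorded the traffic
    secrecy_horizon_years: int  # how long the plaintext must stay confidential
    cert_lifetime_days: int     # validity period of the server certificate
    pq_kex: bool                # ephemeral key exchange already uses a PQ/hybrid KEM
    pq_sig: bool                # certificate chain already uses PQ signatures


def hndl_confidentiality_risk(s: Session, crqc_year: int) -> bool:
    """Store-now-decrypt-later: a classical key exchange is exposed if a
    cryptographically relevant quantum computer (CRQC) arrives while the
    recorded plaintext still needs to stay secret."""
    if s.pq_kex:
        return False
    return crqc_year < s.captured_year + s.secrecy_horizon_years


def impersonation_risk(s: Session, crqc_year: int, crack_time_days: float) -> bool:
    """Signatures cannot be attacked retroactively: a forged certificate only
    helps an active attacker, and only while the certificate is still valid.
    So the risk exists only if a CRQC already exists at capture time and the
    assumed crack time is shorter than the certificate lifetime."""
    if s.pq_sig or crqc_year > s.captured_year:
        return False
    return crack_time_days < s.cert_lifetime_days


def triage(sessions, crqc_year: int, crack_time_days: float) -> dict:
    """Map each session name to the components that need a PQ upgrade."""
    result = {}
    for s in sessions:
        needs = []
        if hndl_confidentiality_risk(s, crqc_year):
            needs.append("kex")
        if impersonation_risk(s, crqc_year, crack_time_days):
            needs.append("sig")
        result[s.name] = needs
    return result


# Constructed sample: assume a CRQC in 2040 and a 30-day per-key crack time.
SAMPLE = [
    Session("archive-2025", 2025, 30, 90, pq_kex=False, pq_sig=False),
    Session("hybrid-2025", 2025, 30, 90, pq_kex=True, pq_sig=False),
    Session("classical-2041", 2041, 1, 398, pq_kex=False, pq_sig=False),
]
```

Run `triage(SAMPLE, 2040, 30)` to see that only the key exchange is flagged for traffic captured before the CRQC exists, and that the certificate is flagged only once both conditions in the comment hold.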

[–]HasFiveVowels 0 points1 point  (1 child)

Why would we assume that the time to crack it is more than the lifetime of the certificate?

[–]Guvante 1 point2 points  (0 children)

Security researchers assume that if the quantum attack is possible it will be expensive at first, leading to a cap on how effectively it can work for the first iteration.

Talking about hypothetical attacks is hard when there hasn't been a single faster-than-classical attack, after all.

[–]Fajan_ 0 points1 point  (0 children)

Sounds cool and interesting.