this post was submitted on 13 Oct 2024
104 points (81.0% liked)

Technology

59374 readers
7248 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[โ€“] [email protected] 2 points 1 month ago (1 children)

Oh so both hashes and synmetric cryptography are secure entirely by doubling up the key size. Interesting.

You know way more than I do.

[โ€“] [email protected] 3 points 1 month ago* (last edited 1 month ago)

Oh so both hashes and synmetric cryptography are secure entirely by doubling up the key size.

That's not my understanding, which is that it's more-secure than that and doesn't require the doubling. Assuming the pages I linked are correct and that the understanding of them from my skim is correct, both of which may not be true:

  • About a decade-and-a-half ago, it was believed that AES of existing key lengths could be attacked via a known quantum algorithm -- Grover's algorithm -- using future quantum computers. However, the weakness induced was not sufficient to render AES of all key lengths practically vulnerable. it would be viable to simply increase key lengths, not redesign AES, sufficient to make it not attackable via any kind of near-future quantum computers.

  • At some point subsequent to that, it was determined that this attack would not be practical, even with the advance of quantum computers. So as things stand, we should be able to continue using AES with current keylengths without any kind of near-future quantum computer posing a practical risk.

Take all that with a huge grain of salt, as I'm certainly not well-versed in the state of quantum cryptography, and I'm just summarizing a few webpages which themselves may be wrong. But if it's correct, you were right originally that there aren't going to be near-term practical attacks on AES from the advance of quantum computing, not from any presently-known algorithm, at least.