this post was submitted on 13 Oct 2024
104 points (81.0% liked)

Technology

59374 readers
6264 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 60 points 1 month ago (28 children)

I love how it did not at all explain what they broke. It mentioned "rectangle"? Whats that? How does it have any relation to AES? Because AES is NOT vulnerable to quantum computing. Did they get the key by knowing the ciphertext and the original data?

[–] [email protected] 17 points 1 month ago* (last edited 1 month ago) (15 children)

Because AES is NOT vulnerable to quantum computing.

I have not been following the quantum computing attacks on cryptography, so I'm not current here at all.

I can believe that current AES in general use cannot be broken by existing quantum computers.

But if what you're saying is that AES cannot be broken by quantum computing at all, that doesn't seem to be what various pages out there say.

https://crypto.stackexchange.com/questions/6712/is-aes-256-a-post-quantum-secure-cipher-or-not

Is AES-256 a post-quantum secure cipher or not?

The best known theoretical attack is Grover's quantum search algorithm. As you pointed out, this allows us to search an unsorted database of n entries in n−−√ operations. As such, AES-256 is secure for a medium-term against a quantum attack, however, AES-128 can be broken, and AES-192 isn't looking that good.

With the advances in computational power (doubling every 18 months), and the development of quantum computers, no set keysize is safe indefinitely. The use of Grover is just one of the gigantic leaps.

I would still class AES as quantum resistant, so long as the best-known attack is still some form of an exhaustive search of the keyspace.

[–] [email protected] 3 points 1 month ago (8 children)
[–] [email protected] 1 points 4 weeks ago

Because hashes are deterministic one way functions - they're generally one way only

Let's say I hash a picture. It could go from 14MB to 128 digits of base 64 - there's orders of magnitude less information in the hash than in the source data

Now - with that hash can you rebuild the picture? You've lost a great deal of information, you don't necessarily even know the size or the format of the input.

Let's set up an equation - x is the input (the photo), so hash_func(x) = hashx

There are multiple, maybe infinite (depending on the hashing function) values of x that will solve our equation. In the case of the photo, most of it will be random combinations of pixels that mean nothing to a human. There could also randomly be things that appear meaningful, but without knowing more about the original you could never be sure if you have the correct answer

Now, passwords might actually be shorter than the resulting hash, but we salt them so each password hash function works differently, and can still destroy information from the original password. Part of the password and the salt are then used as basically the seed for a deterministic random function to generate this extra information

Again, you have the dual problem of a huge problem space as well as an inability to be sure you have the original input or just another solution

Ultimately, everything is defeatable, and if you can narrow down the problem space (say, by knowing the length of a password, having enough known before and after data, or finding a bias in the algorithm), you can reduce the needed computations by orders of magnitude and make it feasible. Quantum computers also grow exponentially with chained qbits, so I expect someone clever will figure it out sooner or later

load more comments (7 replies)
load more comments (13 replies)
load more comments (25 replies)