
Posted by hasheddan 9 hours ago

Quantum Computers Are Not a Threat to 128-Bit Symmetric Keys (words.filippo.io)
99 points | 50 comments (page 2)
daneel_w 4 hours ago|
I wonder when the OpenSSH developers will change their stance on Ed448.
farfatched 3 hours ago|
I'm not familiar with their stance, but bear in mind the costs of introducing a new key type on the ecosystem, and on maintenance of SSH implementations.
daneel_w 2 hours ago||
Imagine if we would've had the same hesitant cost-first reasoning about Ed25519, and then again about ML-KEM and SNTRUP.
occamofsandwich 7 hours ago||
Disconcerting opening. If you want to put hash algorithms in the same category as symmetric keys in this particular case then say so without referring to them as if they are symmetric keys.
FiloSottile 7 hours ago|
Hashes are symmetric cryptography primitives, and it's even proper to talk about key sizes for e.g. HMAC and HKDF hash-based constructions, to which Grover's algorithm applies analogously to how it applies to cipher keys.
occamofsandwich 5 hours ago||
Assuming a member of the target audience sees the connection between HMAC and symmetric keys AFA usage, would you like them to be making leaps like this in their regular usage of cryptography? (I really couldn't tell you if an algorithm that involves being able to look into the box in the middle might not have characteristics that means part or all the primitives involved are less quantum safe than an algorithm that lacks that possibility yet I'd suspect I have a lot more experience than the average reader drawn in by the title.)
rolph 5 hours ago|
encryption is not ever to be considered impossible to break.

every encryption scheme has at least one way to be decrypted.

fidelity of information is one use of encryption, if you apply the solution and get garbage, something is wrong, somewhere.

occultation of information is another use, that is commonly abused by extending undue trust. under the proviso that encryption will eventually be broken, you can't trust encryption to keep a secret forever, but you can keep it secret for long enough that it is no longer applicable to an attack, or slightly askew use case, thus aggressive rotation of keys becomes desirable

gucci-on-fleek 11 minutes ago|
> encryption is not ever to be considered impossible to break

One-time pads [0] are actually impossible to break, but they're pretty tricky to use: you must never ever reuse them, they must be truly random, and you need some way to share them between both parties (which isn't that easy since they need to be at least as large as all the data that you ever want to transmit).

[0]: https://en.wikipedia.org/wiki/One-time_pad
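The three usage rules in the comment above (never reuse a pad, draw it from a true random source, keep it at least as long as the data) are the whole security argument for a one-time pad, so here is an added example, not from the linked post or from any commenter, that enforces them in code and shows concretely what breaks when the reuse rule is violated. The message bytes are constructed sample data, `PadStore` is a hypothetical bookkeeping helper invented for this illustration, and `secrets.token_bytes` stands in for whatever genuinely random pad source the two parties have agreed to share out of band.

```python
import secrets


def generate_pad(length: int) -> bytes:
    """Draw pad bytes from the OS CSPRNG (assumption: this is our stand-in for a
    truly random pad shared out of band). A PRNG seeded from a short key is a
    stream cipher, not a pad, and gets no information-theoretic guarantee."""
    return secrets.token_bytes(length)


def otp_xor(data: bytes, pad: bytes) -> bytes:
    """Encrypt or decrypt by XORing each data byte with its pad byte.
    Refuses to run if the pad is shorter than the data: truncating or cycling
    the pad is exactly the reuse that breaks the scheme."""
    if len(pad) < len(data):
        raise ValueError("pad must be at least as long as the data")
    return bytes(d ^ p for d, p in zip(data, pad))


class PadStore:
    """Hypothetical helper: hands out each pad byte at most once.
    Both parties must keep this offset in sync, and a new pad must be shared
    once it is exhausted."""

    def __init__(self, pad: bytes):
        self._pad = pad
        self._offset = 0

    def take(self, n: int) -> bytes:
        if self._offset + n > len(self._pad):
            raise ValueError("pad exhausted: share a new pad before sending more")
        chunk = self._pad[self._offset:self._offset + n]
        self._offset += n
        return chunk

    @property
    def remaining(self) -> int:
        return len(self._pad) - self._offset


def reuse_leak(ct1: bytes, ct2: bytes) -> bytes:
    """What an eavesdropper computes when one pad segment encrypted two messages:
    ct1 XOR ct2 == pt1 XOR pt2, the pad having cancelled out completely."""
    n = min(len(ct1), len(ct2))
    return bytes(a ^ b for a, b in zip(ct1[:n], ct2[:n]))


def crib_drag(xor_of_plaintexts: bytes, known_plaintext: bytes) -> bytes:
    """Given pt1 XOR pt2 and a known (or guessed) pt1, XOR recovers pt2 outright;
    with only partial knowledge the same trick is applied word by word."""
    return bytes(a ^ b for a, b in zip(xor_of_plaintexts, known_plaintext))


def demo() -> dict:
    pt1 = b"attack at dawn"   # constructed sample messages, same length
    pt2 = b"defend at dusk"

    # Correct use: fresh pad bytes for every message, consumed exactly once.
    store = PadStore(generate_pad(64))
    pad1 = store.take(len(pt1))
    ct1 = otp_xor(pt1, pad1)
    pad2 = store.take(len(pt2))
    ct2 = otp_xor(pt2, pad2)
    roundtrip_ok = otp_xor(ct1, pad1) == pt1 and otp_xor(ct2, pad2) == pt2

    # Misuse: the second message is encrypted under the same pad bytes as the first.
    ct2_bad = otp_xor(pt2, pad1)
    leaked = reuse_leak(ct1, ct2_bad)        # == pt1 XOR pt2, no pad needed
    recovered = crib_drag(leaked, pt1)       # attacker who knows pt1 reads pt2

    return {
        "roundtrip_ok": roundtrip_ok,
        "leaked_xor": leaked,
        "recovered": recovered,
        "remaining": store.remaining,
    }


if __name__ == "__main__":
    result = demo()
    print("roundtrip ok:", result["roundtrip_ok"])
    print("attacker recovered from pad reuse:", result["recovered"])
    print("pad bytes left:", result["remaining"])
```

The two ciphertexts produced under fresh pad bytes reveal nothing about either message, but the moment a pad segment is reused the XOR of the ciphertexts equals the XOR of the plaintexts, and a single known message (or a good guess at a few words) recovers the other. This is why the pad must be at least as long as everything the two parties will ever send, not just the next message.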