As of 2026-03-02, the state of the art in quantum decryption has cracked a:

  • 22-bit RSA key
  • 6-bit elliptic curve key

https://forklog.com/en/quantum-computer-cracks-tiny-cryptographic-key

The IBM QC that cracked the 6-bit key uses 133 qubits.

Some new research suggests that RSA-2048 could be cracked with as "few" as 100,000 qubits.

https://www.newscientist.com/article/2516404-breaking-encryption-with-a-quantum-computer-just-got-10-times-easier/

(Paywall-free)

Such a machine...is not feasible to build any time soon.

So when your CISO or a vendor starts going off about "post-quantum" security, feel free to use this to remind them that we still have SMB1 in some places and Telnet in others. Plenty of work to do around the house.

@mttaggart 22-bit RSA? I think most people's phones could fart and crack that too.

@mttaggart it's crazy that this is the controversial, minority opinion in cybersec....

@mttaggart Note also the "expensive pre- and postprocessing" for the RSA "break". So far, each and every quantum factorisation has used massive trickery, which ensures that these "results" won't generalise. I haven't yet had a look at this one, but given that quantum annealing has had no demonstrable benefit over conventional computers, I think the chances are high.

@mttaggart As of today, the state of the art in quantum decryption is 0-bit RSA and ECC keys, respectively.

https://fediscience.org/@hweimer/114855882006260378

Hendrik Weimer (@hweimer@fediscience.org)

Q: What is the largest number that has been factorized using Shor's algorithm on a quantum computer? A: No number has ever been factorized using Shor's algorithm on a quantum computer. Even for factorizing 15, the smallest possible number, the modular exponentiation part of Shor's algorithm requires several thousand two-qubit gates. This is still beyond the capabilities of current devices. #quantum #quantumcomputing #physics

@hweimer These weren't strictly Shor's, but I take your point.

@mttaggart CISOs don't usually do priority inversion alone: it's often compliance that makes not doing PQ expensive (penalty, non-compliance), while doing telnet cheap (cOMpeNsAtiOn cOnTRol).

(Side note: PQ should be easy to implement)

@buherator @mttaggart Yep. Even if we know the score, regulators don't care. To avoid being fined we smile, nod, and do the thing.

#BTDT

@mttaggart Oh wow, this topic

I think there are so many angles here (this could make a fun podcast discussion)

So I think there's the angle of nobody talks about or publishes about what I'll call "boring stuff". Fixing SMB1 and telnet is boring

So new ideas and research get all the attention. As many old timers know 99% of these new ideas and research go absolutely nowhere

Thanks to this noise factory, there's nobody talking about the boring stuff (even though I think there should be)

So how do you get attention in this constant noise?

And even the leaders who know better will play the game because movie plot threats will get you more budget than the boring stuff will

@joshbressers Is there any angle where quantum encryption concerns require investment today?

@mttaggart No realistic concern

But there are plenty of pretend concerns that will get you budget :)

@mttaggart @joshbressers depends who you ask. Which is kinda the problem.
@joshbressers @mttaggart well partially the problem is that fixing SMB1 being out does not require "paying people to work on SMB1". It requires understanding *who* uses it, *why* and *to do what* in *which circumstances*. And then realizing that this is not considered a market with enough money to really matter.

@joshbressers @mttaggart Here is usually my point on this kind of stuff. My mom has a dental clinic. She is the only dentist there, 2 employees, not a big thing. She has 4 computers in there, a lot of data and all. Map out her needs, like her actual needs, if we wanted to build her a reliable, secure and backed-up system. How much can she do herself? Do the products even *exist* (spoiler: no)? If she cannot, can a local IT tech do it in a reasonable budget?

If not, then, well, nearly all SMB are fucked and will use whatever has been easy to install by default.

@joshbressers @mttaggart And like, I am not joking about wanting that exercise to be done. I think it should be a mandatory thing to do for the industry every year. Like something an industry-wide body should do and publish, as in "reference implementation", but also score how easy it is to do. And if it is not, what is needed, where are the missing bits, etc.

*that* would be strategic thinking.

@Di4na @joshbressers @mttaggart dental clinic software is a great example, especially if they're running Eaglesoft or one of the other popular dental office suites. it's been >10 years since I had to touch it but even that long ago Eaglesoft depended on SMB1 to function properly in a "distributed" config. some of the clinics we picked up had their guest wireless putting clients on the same network as their lovely unsecured SMB1 server with zero firewalling 🙃

@astraleureka @joshbressers @mttaggart we are in france, so slightly different, but yeaaaaah.

It is a good example of a small company with limited resources but still relatively high income and important data to secure.

@joshbressers @mttaggart There is also management refusing to let us upgrade ancient network equipment to stuff that doesn't only support telnet and SNMPv2 for remote management.

@mttaggart Also, have a look at https://techcommunity.microsoft.com/blog/filecab/stop-using-smb1/425858 if you need support regarding smbv1.

I still cannot believe I had to send articles like that to AVM regarding their fritzboxes. 🙄

Stop using SMB1 | Microsoft Community Hub

First published on TECHNET on Sep 16, 2016 Hi folks, Ned here again and today’s topic is short and sweet: Stop using SMB1.

@mttaggart Plenty of other issues to look into.

However, my query, as a non-cryptographer, is whether the hybrid Q/non-Q encryption that seems to be popular gives valuable defense-in-depth, or whether it adds another attack surface through the extra software code.

@merospit @mttaggart There should be double encryption of the shared AES key, with post-quantum and ECC. And two different signatures, with post-quantum and ECDSA. If the developer does that and doesn't do something really dumb in the code, the result is at least as secure as regular ECC.

There was a proposal to allow post-quantum only. That is a Very Bad Idea. RSA and ECC have been studied for decades. These new PQ algos (excepting Merkle sigs) have not. Merkle sigs have huge re-use gotchas.

@mttaggart the claim does not appear to be backed by IBM or printed in any form besides that link to x so I would even further question the success of the 6-bit claim. afaiu the number 25 remains too large to factor. this is of course to bolster the claim that post-quantum lattice methods are poorly justified particularly if they require accepting reductions in e.g. resistance to adversarial randomness.

@mttaggart So, Google's blowing smoke about Q-day being in 2029.

@tknarr @mttaggart Probably have a few products ready to go for that.

@drwho @tknarr @mttaggart Maybe they looked at the state of the "AI" bubble and said "hey, let's try Quantum again!"

@mttaggart I worked at a couple of places that were still using DES.

@mttaggart A followup on this one. Turns out that Shor needs so many qubits because it needs to compute x^r mod n for all r in range 1..n-1. Shor does this with quantum magic and lots of qubits.

The giant reduction in qubits for the claimed breakthrough is that they compute these classically and then load them up into the quantum computer. Of course that saves on qubits, but only at the expense of exponential running time. So, not actually a breakthrough, just more trickery.
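To make the qubit-count argument above concrete, here is an added toy example (mine, not sten's, not Aaronson's, and not an implementation of the paper being discussed). It builds the classical table of a^r mod n for r = 1..n-1, reads the period r off that table, and turns the period into factors the way Shor's classical post-processing does. The table has n-1 rows, so for a b-bit modulus it is about 2^b rows: that is the exponential cost that moving the modular exponentiation out of the quantum computer and into a classical precomputation cannot avoid. The moduli 15 and 21 are constructed inputs.

```python
from __future__ import annotations

import math
from typing import Optional


def mod_exp_table(a: int, n: int) -> list[int]:
    """Classically tabulate a^r mod n for every r in 1..n-1.

    This is the function Shor's circuit evaluates in superposition. Done
    classically it needs n - 1 entries, so a modulus of b bits needs about
    2**b rows: exponential in key size, which is why it is the expensive part.
    """
    table = []
    x = 1
    for _ in range(1, n):
        x = (x * a) % n
        table.append(x)
    return table


def period(a: int, n: int) -> int:
    """Smallest r >= 1 with a^r == 1 (mod n). Requires gcd(a, n) == 1."""
    if math.gcd(a, n) != 1:
        raise ValueError("a must be coprime to n")
    table = mod_exp_table(a, n)
    return table.index(1) + 1  # entry i holds a^(i+1)


def factors_from_period(a: int, n: int) -> Optional[tuple[int, int]]:
    """Shor's classical post-processing: from the period r of a mod n, try
    gcd(a^(r/2) +- 1, n). Returns None when r is odd or a^(r/2) == -1 mod n,
    the cases where a different base a has to be tried."""
    r = period(a, n)
    if r % 2:
        return None
    y = pow(a, r // 2, n)
    if y == n - 1:
        return None
    p, q = math.gcd(y - 1, n), math.gcd(y + 1, n)
    if 1 < p < n:
        return (min(p, q), max(p, q))
    return None


def table_rows_for_bits(bits: int) -> int:
    """Rows the classical table needs for the largest modulus of this bit
    length (n - 1 with n = 2**bits)."""
    return 2 ** bits - 1


if __name__ == "__main__":
    # Constructed toy moduli; 7 and 2 are the chosen bases.
    print("period of 7 mod 15:", period(7, 15))          # 4
    print("factors of 15:", factors_from_period(7, 15))  # (3, 5)
    print("factors of 21:", factors_from_period(2, 21))  # (3, 7)
    print("base 14 mod 15 fails:", factors_from_period(14, 15))  # None
    for bits in (4, 22, 2048):
        print(f"table rows for a {bits}-bit modulus: 2^{bits} - 1")
```

For n = 15 the table has 14 rows; for the 22-bit modulus in the original post it is about four million rows, which a laptop handles without noticing; for a 2048-bit modulus it is 2^2048 rows, which is the point.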

@sten @mttaggart Trickery can be a breakthrough, too.
@mttaggart Not my discovery, BTW. I have this from a blog by quantum computing professor Scott Aaronson https://scottaaronson.blog/?p=9615
The “JVG algorithm” is crap

Sorry to interrupt your regular programming about the AI apocalypse, etc., and return to the traditional beat of this blog’s very earliest years … but I’ve now gotten multiple mes…

Shtetl-Optimized

@mttaggart It's also worth noting that many of the attention-grabbing headlines with cracked keys used bogus keys that no real cryptosystem would accept. eg. keys that use primes which are very close to each other, or which are mostly zeros, or are otherwise oddly structured.

It's one of the problems with letting physicists design physics experiments to "crack" keys for which they already know the answer.
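The structural defects mentioned above (primes very close together, a modulus that is mostly zeros) are things a defender can lint for in generated keys. The following added example (mine, not from anyone in this thread) runs three cheap checks over an RSA modulus: trial division for small factors, the fraction of set bits, and a bounded number of rounds of Fermat's method, which only succeeds when p and q are pathologically close. The three moduli are constructed from tiny primes purely for illustration; the checks themselves are the same ones you would run on a real modulus.

```python
from __future__ import annotations

import math
from typing import Optional

# Constructed toy moduli (tiny primes, illustration only).
CLOSE_PRIMES_N = 10007 * 10009   # p and q differ by 2
HEALTHY_N = 10007 * 30011        # primes far apart, normal-looking bit pattern
SPARSE_N = (1 << 40) | 1         # a "mostly zeros" modulus


def small_factor(n: int, bound: int = 1000) -> Optional[int]:
    """Trial division: a sound modulus has no prime factor this small."""
    for d in range(2, bound + 1):
        if n % d == 0:
            return d
    return None


def bit_density(n: int) -> float:
    """Fraction of set bits; a product of random primes sits near 0.5."""
    return bin(n).count("1") / n.bit_length()


def fermat_close_primes(n: int, max_rounds: int = 1000) -> Optional[tuple[int, int]]:
    """Fermat's method: if n = p*q with p and q close, then n = a^2 - b^2 for
    an a only slightly above sqrt(n). Capping the rounds makes this a cheap
    lint that fires only on pathologically close primes."""
    a = math.isqrt(n)
    if a * a < n:
        a += 1
    for _ in range(max_rounds):
        b2 = a * a - n
        b = math.isqrt(b2)
        if b * b == b2:
            return (a - b, a + b)
        a += 1
    return None


def lint_modulus(n: int, min_density: float = 0.25) -> list[str]:
    """Return the names of the structural red flags found in n."""
    findings = []
    if small_factor(n) is not None:
        findings.append("small_factor")
    if bit_density(n) < min_density:
        findings.append("low_bit_density")
    if fermat_close_primes(n) is not None:
        findings.append("close_primes")
    return findings


if __name__ == "__main__":
    for name, n in (("close", CLOSE_PRIMES_N), ("healthy", HEALTHY_N), ("sparse", SPARSE_N)):
        print(f"{name:8s} n={n} findings={lint_modulus(n)}")
```

The healthy modulus comes back clean, the close-prime one is split by Fermat's method in a single round, and the sparse one trips both the bit-density check and trial division (2^40 + 1 is divisible by 257). None of this says anything about a properly generated key; it says that a headline "crack" of a key with this kind of structure is a statement about the key, not about the cryptosystem.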

@mttaggart but bro wait until agi changes everything bro