Uncrackable? Maybe… in any case, it’ll be a long time before it’s a practical reality.

“Researchers have developed the world's first ‘uncrackable' security system to protect communications against cyber attacks, it has emerged.

A team at the University of St Andrews along with international partners are believed to have achieved 'perfect secrecy' with the new technology, which stops the threat of quantum computers being used to hack into data.

The proposed new system uses silicon chips that contain complex structures that are irreversibly changed to send information in a one-time key that can never be recreated nor intercepted by an attacker…”

https://mol.im/a/7816429

Other interesting info follows.

Wasn't that how Bluray security was supposed to work? It created a little java instance with a one time thing...

Every time I read "uncrackable" I think about how little I want to invest in it.

Like the unsinkable ships of the Victorian era and after.

The only uncrackable security system is one that is completely closed off from the outside. And that’s only if the inner circle inhabitants are completely trustworthy. The minute an “uncrackable” system is announced, hackers set to work on breaking it.

quote:

Originally posted by gearhounds:
The only uncrackable security system is one that is completely closed off from the outside. And that’s only if the inner circle inhabitants are completely trustworthy. The minute an “uncrackable” system is announced, hackers set to work on breaking it.

It sounds like a one-time pad encryption scheme implemented at the hardware level.

https://en.wikipedia.org/wiki/One-time_pad

Assuming the two communication endpoints have the only copies of the pad, intercepted communications encrypted with a one-time pad are perfectly secure and absolutely uncrackable.

There are downsides - you have to get the pad to the two communication endpoints in a secure way (if someone copies the pad, it isn't secure any more) and you can only transmit so much information before you use up the pad.

If they are reusing the pad or using something like a pseudorandom number generator to generate an infinite pad, then it wouldn't be perfectly secure.

quote:

Originally posted by maladat:
It sounds like a one-time pad encryption scheme implemented at the hardware level.

If—if—they truly accomplished it, there would be a huge sigh of relief from all the people concerned about quantum computing.

And whenever I read of someone’s adamant skepticism about the truth or even practicality of some supposed advancement like this, I’m reminded of a quotation from Charles Darwin:
“[I]gnorance more frequently begets confidence than does knowledge; it is those who know little, and not those who know much, who so positively assert that this or that problem will never be solved by science.”

quote:

Originally posted by maladat:
(if someone copies the pad, it isn't secure any more)

That was essentially the reason for the success of the VENONA program that enabled the US to decrypt messages sent by KGB agents in the late 1940s. The organization used one-time pads for its messages, but evidently due to logistical reasons, the pads got reused at times and places. It was still an incredible (to me) effort that led to exploiting that vulnerability, but demonstrated that “one time” requires truly being one time to be secure.

I have heard this song and dance before.

It is uncrackable until its cracked.

It reminds me of all the unpickable locks that someone always finds a way to pick.

quote:

Originally posted by sig2392:
I have heard this song and dance before.

It is uncrackable until its cracked.

It reminds me of all the unpickable locks that someone always finds a way to pick.

The one-time pad really is theoretically impossible to crack if the system works as designed. For probably a very long time, at least for now.

quote:

Originally posted by sigfreund:

quote:

Originally posted by maladat:
It sounds like a one-time pad encryption scheme implemented at the hardware level.

If—if—they truly accomplished it, there would be a huge sigh of relief from all the people concerned about quantum computing.

I doubt it, this kind of system is SEVERELY limited in practice.

If you wanted to use it to encrypt your communications with your bank, for example, your bank would have to have a chip in a computer somewhere dedicated just to you (and one for every other customer) and send you a matching chip (say, in a USB key) and you wouldn't be able to communicate with the bank without the USB key.

And the USB key wouldn't be useful for communicating with anyone except your bank.

I think in practice, if this sort of thing sees any use at all, it would be for things like military communications, diplomatic communications to embassies, MAYBE some top-level corporate communication between large offices.

Anyway, I don't think there is good reason to be concerned about quantum computing at the moment. Really practical quantum computers are at a minimum a decade or more away (some big names in the field think quantum computers may NEVER be practical), and quantum computers aren't magical machines that can solve any problem instantly. We know theoretically an upper limit on the difficulty of problems quantum computers can solve quickly (and they may actually be less powerful than that, it just hasn't been proven yet), and that upper limit means encryption schemes can be developed for conventional computers that are infeasible to crack even with quantum computers, and those encryption schemes are already under development and being standardised.

quote:

Originally posted by wrightd:

quote:

Originally posted by sig2392:
I have heard this song and dance before.

It is uncrackable until its cracked.

It reminds me of all the unpickable locks that someone always finds a way to pick.

The one-time pad really is theoretically impossible to crack if the system works as designed. For probably a very long time, at least for now.

If the pads are kept secure, a one-time pad is totally uncrackable, forever, because without the pad, there is mathematically zero information in the encrypted communication, it's just a stream of random characters. You can "crack" it to literally any possible message of the same length and there is no way to know which one is the real one.

Of course, there's not enough information to be sure that what they've actually done is correctly implement a hardware one-time pad.

Smart money would be on "not yet crackable" or "not crackable with today's technology" as opposed to "uncrackable;" "hasn't been hacked yet" as opposed to "can never be hacked."

There is a huge difference between privacy and trust. WRT to currently used encryption strategies, they are "good enough" that a OTP buys a little additional privacy, at a huge incremental infrastructure cost, and probably a net loss to trust. The announcement referenced in the OP appears to be not much more than a way to lower the cost and increase the reliability of OTP dissemination, not a small thing in and of itself, but probably less than the "researchers" want to claim.

There are ways to get truly random bit streams from, e.g. radioactive decay, but if these magic "silicon chips that contain complex structures" use a seed or key to post-process a PRNG, that just moves the "crack" to a different place in the sequence of computations that convert plaintext <=> ciphertext.

In any case, there is little "new" in this "announcement."

Maybe they’ll call it Ultra , someone working on it will come up with a system to test it out and will crack the code.

If people made it, people can crack it.

Meanwhile, I’m over here trying to figure out the 4 digit pin on the old iPad...

quote:

Originally posted by RHINOWSO:
If people made it, people can crack it.

Exactly. Whether it’s due to laziness, carelessness, or duplicity, if humans are involved in the process it cannot be 100% secure forever.

quote:

Originally posted by Veeper:
Every time I read "uncrackable" I think about how little I want to invest in it.

Like the unsinkable ships of the Victorian era and after.

'Uncrackable' always reminds me of the German Enigma code. They thought it was uncrackable, and their blind faith in its security helped them lose the war. The US's only real strategic surprise in the ETO was the Battle of the Bulge, and that was only because the Germans didn't use radio signals to transmit.

Defnyddiwydycodhwnynystodgweithrediadaumilwrolynyrailryfelrydacnichafoddeiddatgodioerioedganyralmaenwyrcymraegynunigydywhebyratalnodi.

This 'code' was used in WW2 and to my knowledge, was never cracked by the poor Germans intercepting it.

It is, of course, just Welsh without punctuation marks.

quote:

Originally posted by tacfoley:
Defnyddiwydycodhwnynystodgweithrediadaumilwrolynyrailryfelrydacnichafoddeiddatgodioerioedganyralmaenwyrcymraegynunigydywhebyratalnodi.

This 'code' was used in WW2 and to my knowledge, was never cracked by the poor Germans intercepting it.

It is, of course, just Welsh without punctuation marks.

Yeah, like anybody truly understands the Welsh!

I think in a long communication, even a one-time-pad will have the same code used several times. Pattern recognition can then crack the code.

flashguy