Quantum computing won’t stop your encrypted communications from being hacked
I recently watched a TED presentation on quantum computing in which the presenter did a great job of explaining the benefits; however, they…
I recently watched a TED presentation on quantum computing in which the presenter did a great job of explaining the benefits; however, they made a mistake many people make:
This technological advancement, of quantum computing, won’t prevent hackers from being able to get into your communication that has been encrypted with quantum computing.
Yes, quantum computers will be able to generate vastly stronger keys; however, we generate strong keys today… and that hasn’t stopped attackers and government organizations.
Weakest Link
When an attackers wants to access the contents of encrypted communications, there’s some powerful algorithms they need to make it through. Let’s say our communication had an RSA 4096 handshake and AES 256 data encryption. Do you think, with an exception of a handful of organizations, most attackers are trying to break the algorithms? Why would an attackers spend the resources trying to break something a team of PhD students is probably working on? In many cases, the algorithms aren’t the weakest link, there’s many easier targets for the attacker to go after.
Software Sucks
If the implementation is solid, and it’s a truly strong key, what’s a hacker to do? Easy, software sucks, and tends to be full of holes, especially if it has a hefty amount of code. The more code written, the higher the probability of there being bugs that could lead to an exploit. If you take a look at the National Vulnerability Database, you see a wide range of vulnerabilities for attackers to pick from.
Instead of an attacker breaking the algorithms… they can exploit vulnerable software and access the device. At that point, they have access to the data before and after it’s encrypted. Depending on the vulnerability, an attack could even swap libraries used by the OS with libraries with a backdoor, if sophisticated enough.
If software is all of a sudden solid, thanks to some AI powered quantum computer, there’s still humans. Social engineering can go a long way. You can throw millions at security, but that authorized employee, or parents, could still allow an attacker to walk right through the front-door — there’s no digital mantrap.
Quantum computing will be very powerful and beneficial to society, but attackers will continue breaking into systems, and accessing the data they’re after. Especially when security isn’t built into software from the start because it’s an inconvenience for developers.