'I give fusion power a higher chance of succeeding than quantum computing' says the R in the RSA crypto-algorithm

Expert panel sesh turns heated on infosec conference's opening day

91 Reg comments Got Tips?

RSA As they do every year, the names behind the RSA crypto-system took the stage in San Francisco for the RSA Conference's crypto panel, sharing their thoughts on the pressing issues facing the information security world.

Ron Rivest (the R in RSA), Adi Shamir (the S), and Whit Diffie (of Diffie–Hellman key exchange fame) were joined this time by Tal Rabin (head of research at the Algarand Foundation) and Arvind Narayanan (a professor at Princeton University) to share some of their thoughts.

Quantum Computing: Pointless

Rivest, in particular, is not a big fan of the efforts to build encryption-busting quantum computers, for obvious reasons.

"I hope people building quantum computers fail," Rivest offered. "It would mean the demise of a lovely algorithm we all know and love."

Jokes aside, Rivest told the conference he has serious doubts about whether quantum computers will ever be realized, particularly at the size and scale needed to break his and other encryption algorithms.

"I give fusion power a higher chance of succeeding than quantum computing," Rivest said. "There is a lot of scaling that has to be done before you can break cryptography, I am not sure it can be done."

Blockchain: A combination lock in a grease fire

Rivest was similarly dubious about blockchain and efforts to shoehorn the technology into voting software.

"Blockchain is the wrong security technology for voting, I like to think of it as bringing a combination lock to a kitchen fire," he said, noting that paper ballots are still considered essential for secure voting.

"We have learned that we need software independence. Voting is not a place where you need high-tech for it to work."

Whit Diffie: Fan of spycraft

Cryptography pioneer Whit Diffie was asked to weigh in on the recent Crypto AG backdooring saga. Interestingly, Diffie said he was not surprised the CIA had managed to infiltrate and bug a commercial security tool. In fact, Diffie isn't even that mad. Spies do spying, and all that.

"I am very enthusiastic about intelligence. In general, I think intelligence is very valuable to stability," he explained. "Intelligence is not about playing fair, it is about succeeding. That is what this operation did with amazing success."

Adi is back

Early on in the discussion, Adi Shamir explained his absence from last year's conference. It seems the American visa issues that kept him away from the event were every bit as frustrating as first reported, and the professor said he spent six months waiting for permission to enter the country.

virus

RSA Conference loses one more abbreviated tech giant after AT&T disconnects over coronavirus fears

READ MORE

"Since every other government in the world makes these decisions in 3-5 days, whoever is in charge of processing (in the US) should be replaced by a different element," he groused.

Right-to-be-forgotten and AI generate strong opinions

One of the hot topics was machine learning and, in particular facial recognition, with most of the panel agreeing the need for strong regulations on how machine learning and recognition tools should be managed.

"Not all the problems have been solved and we as the security and privacy community have a lot to contribute," noted Rabin.

There was less agreement on right to be forgotten laws, where some of the panelists clashed on who and what it is that could and should be scrubbed. For Diffie, the system is a pretty clear way for the powerful to scrub their images.

"I would like to understand how right to be forgotten could be for anything except to keep the little people in line," he said. "It is not the right to be forgotten by the secret police."

"Right to be forgotten will never work," declared Shamir. "There are all kinds of services such as the Internet Archive. What are they going to do with it? Are they going to eliminate these services that show you the state of information?"

Narayanan, however, pointed out that for people trying to clear criminal records in hopes of getting a job, right to be forgotten can be very empowering.

"Do you want the first impression of you to be your criminal record? Or do you want the right to bring it up on your own terms?" asks the Princeton prof, who notes that Google gets roughly 50,000 requests per month in the EU. "The right to be forgotten, in aggregate, is working pretty well in enabling people to de-list these search results."

Fortunately, Shamir stepped in to provide comic relief.

"Let's try an experiment," he said. "Earlier I said some nasty things about the people in charge of the visa process. I would like to ask for this to be forgotten."

Good luck, Professor. ®

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER


Keep Reading

Will Police Scotland use real-time discrimination-happy face-recog tech? Senior cop tells us: We won't... for now

After panel urges halt to live matching, top brass says it would only be 'used in an intelligence-led, targeted way'

$2.07bn? That's one Dell of a deal to offload infosec biz RSA

Texan tech giant hacks off part of security real estate, sells to consortium

Roses are red, IBM is Big Blue. It's out of RSA Conference after coronavirus review: IBMers will not attend infosec event over 'health concerns'

Updated Who will join the IT giant in staying away from San Francisco?

RSA Conference loses one more abbreviated tech giant after AT&T disconnects over novel coronavirus fears

RSA Alternative headline: Killer bio-nasty linked to former alien vault and cyber-hacker gathering

In 21st-century tech dystopia, smart TV watches you, warns Princeton privacy prof

You make de-legitimising targeted advertising as a business model sound easy

California tech industry gets its first big coronavirus hit: RSA Conference attendee infected, in serious condition

Updated NASA also struck, more conferences cancelled, WISPA is moving ahead

Adi Shamir visa snub: US govt slammed after the S in RSA blocked from his own RSA conf

RSA 'If someone like me can't get in to give a keynote, perhaps it's time we rethink where we organize our events'

Keen to check for 'abnormal' user behaviours? Microsoft talks insider risk, AWS imports and compliance at infosec shindig RSA

RSA Before you remove the mote from thy hacker's eye, remove the beam from the eyes of your, er, Teams

Biting the hand that feeds IT © 1998–2020