Special Features

Spotlight on RSA

You can cross 'Quantum computers to smash crypto' off your list of existential fears for 30 years

RSA's Adi Shamir thinks we're safe for a generation, but more gnarly keys are still a good idea


RSA Conference Adi Shamir, the cryptographer whose surname is the "S" in "RSA", thinks folks need to stop worrying about quantum computing breaking encryption algorithms.

Speaking on the annual cryptographers' panel at the RSA Conference in San Francisco this week, he opined that in the 1990s he saw three big issues appear on the security industry's radar: AI, cryptography, and quantum computing. Two out of three had delivered, he said, and quantum computing has yet to show promise and won't for decades to come.

99 percent of encrypted messages are junk, he opined. Requests for lunch meetings or banal chat; waste of time to decrypt, and there's so much of it.

The idea that such missives would be a top cracking priority isn't realistic, he reminded the audience. And while important messages might be decoded decades on, the signal-to-noise ratio is going to make throwing a quantum machine at the job a poor way to find real secrets.

He wasn't alone in his skepticism. British mathematician Cliff Cocks, who developed public-key cryptography years before session host Dr Whitfield Diffie and his colleagues came up with the same idea, was somewhat cutting about stories that the Chinese have developed quantum systems to crack current encryption systems.

The Chinese system may work well on very small data sets, he opined, but there's "no evidence whatsoever" that it would work on a larger scale. That said, Anne Dames, IBM zSystems Distinguished Engineer and Cryptographic Technology Architect, argued China's efforts are as good a reason as any to update your public-private keys just to be on the safe side. The longer and more secure the keys the better she opined. There's no harm in using quantum-resistant algorithms, either, we note.

The RSA cryptographer's panel in San Francisco today

"Quantum computers, even if they don't exist today, will do in the next 30-40 years, so we will need to switch keys," she advised, saying the current concerns over quantum cryptography reminded her a lot of blockchain hype.

That said, all the encryption in the world isn't going to help you defend against insider threats. It's been ten years since an IT contractor called Edward Snowden managed to walk off with the NSA's crown jewels, and the latest Pentagon leak is alleged to have involved a guy showing off classified information on Discord to impress friends. This showed the systems we use are still critically weak, Diffie argued.

Shamir argued Snowden was a short-term and long-term disaster for the NSA, and diminished America's influence by exposing directly long-suspected practices - such as the presence of backdoors in commercial products - for which no evidence had previously been available. Quantum computers breaking encryption could deliver similar revelations, Shamir opined, but it's a way off doing so. ®

Send us news
20 Comments

Microsoft Copilot for Security prepares for April liftoff

Automated AI helper intended to make security more manageable

In the rush to build AI apps, please, please don't leave security behind

Supply-chain attacks are definitely possible and could lead to data theft, system hijacking, and more

March Patch Tuesday sees Hyper-V join the guest-host escape club

Critical bugs galore among 61 Microsoft fixes, 56 from Adobe, a dozen from SAP, and a fistful from Fortinet

Infosec teams must be allowed to fail, argues Gartner

But failing to recover from incidents is unforgivable because 'adrenalin does not scale'

Forget TikTok – Chinese spies want to steal IP by backdooring digital locks

Uncle Sam can use this snooping tool, too, but that's beside the point

Row breaks out over true severity of two DNSSEC flaws

Some of us would be happy being rated 7.5 out of 10, just sayin'

FreeBSD Foundation hands out Beacon gongs for safer software

Multiple CHERI-related projects win money for important research that prizes safety over speed

Truck-to-truck worm could infect – and disrupt – entire US commercial fleet

The device that makes it possible is required in all American big rigs, and has poor security

Five Eyes tell critical infra orgs: Take these actions now to protect against China's Volt Typhoon

Unless you want to be the next Change Healthcare, that is

White House and lawmakers increase pressure on UnitedHealth to ease providers' pain

US senator calls cyber attack 'inexcusable,' calls for mandatory security rules

Beijing-backed cyberspies attacked 70+ orgs across 23 countries

Plus potential links to I-Soon, researchers say

Don't be like these 900+ websites and expose millions of passwords via Firebase

Warning: Poorly configured Google Cloud databases spill billing info, plaintext credentials