"Mathematicians build code to take on toughest of cyber attacks"

Wow.  This article by Phys.org is so appallingly bad i just have to tell you about it.

Lets start with the obvious stuff.  This is an article about a paper that doesn't even link to the paper.  It also doesn't mention the names Merkle or Hellman (which appear in the first sentence of the paper).  It also completely misrepesents the content of the paper:

Washington State University mathematicians have designed an encryption code capable of fending off the phenomenal hacking power of a quantum computer.

Etc. etc.  As you can tell, the phys.org author really wants to talk about quantum computing.  Unfortunately the paper barely mentions it other than to point to a single reference from 2003.  Also unfortunate is that quantum computing is largely irrelevant to real world infosec anyway.  No mention of discrete logarithms and how they also aren't vulnerable to attack by Shor-type algorithms.

Now we have some key phrases:

to create an online security system...

that can't be broken by the usual cyber attack methods...

...The system is based on the factoring of impossibly large numbers and, so far, has done a good job keeping computers safe from hackers...

Yeah.  There's a lot to take in here.  First of all we should point out that hackers created computers in the first place and are the ones who make them secure, and that the authors of the paper are hackers for hacking the knapsack problem by injecting integer representations.  Also there is no context by which "usual cyber attack methods" has meaning here.

In the end I guess my biggest problem with this piece is that it implies that what we need for better infosec is a better public key cryptography system.  In point of fact our public key crypto is absolutely not the weak point, while it is the authentication system that is completely broken.  SSL has in no way done a good job at "keeping computers safe", kind of like the author of the piece has in no way done a good job of reporting on this paper.  SSL is not even named, even though it is implied by the reference to "buying books over the internet", a process by the way which also involves the protocols of certificate authentication, credit cards, and fiat currency which by comparison make RSA public key cryptography look like perfection itself.

Anyway, the algorithm itself does look interesting.  Unfortunately no code is included nor specs or tests so I don't think it's quite ready to support a coin yet.

Leave a Reply

Your email address will not be published. Required fields are marked *