Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Security

+ - Dealing with long-term security requirements?

Submitted by tbo
tbo (35008) writes "I'm an academic researcher in the field of quantum computing. I'm interested in learning what the IT community is doing to prepare for future developments in quantum computing and the resulting security implications — in particular, the compromise of most or all known public key cryptosystems.

Although large-scale quantum computers may be a decade or more away, this still has immediate implications for those with long-term forward security requirements (i.e., data that must stay secret for a long time). Does your organization have data with substantial forward security requirements? How do you deal with protecting that data against future advances in cryptanalysis? Has your organization considered quantum key distribution or other new cryptography technologies?

Another concern is replacing the present-day public key cryptography infrastructure with something immune to quantum computers. A malicious person with access to a single large-scale quantum computer could use it to crack the root certificate authorities' private keys, thus enabling him or her to fake certificates for anything they want and perform undetectable man-in-the-middle attacks against banks and e-commerce sites. Since it's very hard to revoke and re-issue root certificates, this would only have to happen once to do serious damage. What are people planning to do about this?"

Keep your boss's boss off your boss's back.

Working...