The world’s first network using quantum cryptography last week in Austria but Schneier, in an article for Wired, said the deployment changes little in the security field.
“The basic idea is still unbelievably cool, in theory, and nearly useless in real life,” he said.
“Even quantum cryptography doesn't "solve" all of cryptography: The keys are exchanged with photons, but a conventional mathematical algorithm takes over for the actual encryption.”
He said that the weakest point of any network is not in the transmission of data itself but at the endpoints of the network. Quantum cryptography doesn’t solve that basic problem.
“It's like defending yourself against an approaching attacker by putting a huge stake in the ground. It's useless to argue about whether the stake should be 50 feet tall or 100 feet tall, because either way, the attacker is going to go around it,” he said.
Quantum cryptography systems rely on an application of the Heisenberg Uncertainty Principle, which broadly states that it is impossible to observe quantum information without altering it.
This makes eavesdropping impossible, since as soon as it takes place the change in data can be recognised and the network shut down.
Even quantum computing itself wasn’t the be all and end all of computer security Schneier argues. The sole effect on symmetric cryptography would be to halve the amount of time taken to break the encryption key, and that could be simply countered by increasing key sizes.
Schneier says quantum cryptography is “nearly useless”
By Iain Thomson on Oct 17, 2008 4:00PM