Initial commit: HPR Knowledge Base MCP Server
- MCP server with stdio transport for local use - Search episodes, transcripts, hosts, and series - 4,511 episodes with metadata and transcripts - Data loader with in-memory JSON storage 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
Lee Hanken
121
hpr_transcripts/hpr2860.txt
Normal file
121
hpr_transcripts/hpr2860.txt
Normal file
@@ -0,0 +1,121 @@
|
||||
Episode: 2860
|
||||
Title: HPR2860: Encryption and Quantum Computing
|
||||
Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr2860/hpr2860.mp3
|
||||
Transcribed: 2025-10-24 12:22:27
|
||||
|
||||
---
|
||||
|
||||
This is HBR episode 2008 160 entitled Encryption and Quantum Computing and is part of the series
|
||||
Privacy and Security. It is hosted by a huker and is about 13 minutes long and carries a clean flag.
|
||||
The summary is how will Quantum Computing affect the security of Encryption?
|
||||
This episode of HBR is brought to you by an honesthost.com.
|
||||
Get 15% discount on all shared hosting with the offer code HBR15. That's HBR15.
|
||||
Better web hosting that's honest and fair at an honesthost.com.
|
||||
Hello, this is a huker welcoming you to Hacker Public Radio and another exciting episode
|
||||
in our security and privacy series. What I want to talk about today is encryption
|
||||
and how that is affected by quantum computing because quantum computers are starting to appear
|
||||
and they are starting to do things. Now if you've been paying any attention to encryption
|
||||
technology you probably know that the safety of encryption from being cracked
|
||||
relies on the concept of computational infeasibility which is a fancy way of saying that any
|
||||
encryption can be broken if you have enough time and enough resources but if those quantities
|
||||
of time and resource are simply impractical you can regard encryption as safe enough.
|
||||
Now in previous episodes and I've talked about this and in fact my episode on
|
||||
passwords entropy and good password practices I went through numerical examples that a good long
|
||||
password with high entropy you know if it was long enough and antropic enough it would take
|
||||
longer than it would go past the heat death of the universe basically. Now what we have to understand
|
||||
though is that was using current computer technology. So the other thing we've consistently
|
||||
talked about with all of this is that it's an arms race so attackers are always getting better.
|
||||
You know this is Bruce Schneier's rule attacks always get better they never get worse
|
||||
and that means defenders need to improve as well. Now so far that's worked reasonably well
|
||||
as computing has gotten cheaper and more powerful thus making it easier to crack encryption.
|
||||
The defenders have responded by improving encryption through superior algorithms longer key lengths
|
||||
and so on. In this kind of arms race a reasonable view in general is that anything encrypted today
|
||||
will if you did it properly remains safe for at least a period of decades before technical
|
||||
advances make it unsafe. Now this is not to deny that some older encrypted data may become
|
||||
vulnerable over time if anyone cares enough to save it and attack it when the technology has matured
|
||||
that far. For example there is speculation that a NSA facility constructed in Utah called the
|
||||
Intelligence Community Comprehensive National Cybersecurity Initiative Data Center. That's a long
|
||||
title. So the idea is that we think that was probably constructed for this precise purpose
|
||||
and that's what the NSA is doing. I suspect either GCHQ is participating with NSA or has
|
||||
something similar in mind. Now the facility is capable of storing immense amounts of data
|
||||
and is near two sources of low cost hydroelectricity as well as being very favorably situated on
|
||||
internet trunk lines. All of this certainly makes a plausible case for what they're doing at the very
|
||||
least. Now personally I've not worried too much about this because this is not the threat model I
|
||||
need to defend against and I always start by defining the threats I care about. I got this from
|
||||
Bruce Schneier you know define the threat that you see and what it can do to you and then pick a
|
||||
countermeasure that is going to deal with that threat. So if someone says I just want to be 100%
|
||||
secure against everything it's like okay you're not ready for this you're not thinking clearly yet.
|
||||
So if the NSA can decrypt my emails 20 years from now I doubt they'd find anything terribly
|
||||
interesting and when I read my emails from long ago frequently I'm puzzled by what they're
|
||||
about but there are people who have very legitimate reasons to be concerned such as democracy
|
||||
activists in totalitarian countries like Russia China Turkey and so on. They should indeed be
|
||||
paying attention to the capabilities of the spy agencies and taking steps to protect themselves
|
||||
and for anyone who is concerned the biggest wild card has been quantum computing.
|
||||
So quantum computing differs from traditional computing we're used to by the way the bits work
|
||||
in traditional computing bits are either zero or one. Encryption in that environment is simply
|
||||
manipulating those bits such as techniques like XOR exclusive or and where the quantum
|
||||
difference comes in is that each quantum bit called a Q bit can take on many values simultaneously.
|
||||
This is a super position that allows both zero and one to exist simultaneously kind of like
|
||||
Schrodinger's cat which is both alive and dead until you look and that of course is a classic
|
||||
example of quantum weirdness a single qubit can be in two states at once two qubits can be in a
|
||||
total of four states at once three qubits can be in eight states at once and so on so take two
|
||||
raise it to the power of the number of qubits you have and that tells you how many states you can
|
||||
have and you know that's exponential so it gets really big really fast. Now for our purposes I do
|
||||
not propose to go into a detailed description of quantum computing best reason of all I'm completely
|
||||
unqualified to do it and it tends to make my brain hurt. The point we need to keep in mind is that
|
||||
quantum computing has the power to make feasible those decryptions that were previously considered
|
||||
infeasible. Now that said we are not there yet so far the quantum computers that have been developed
|
||||
are limited and finicky things but given the intense interest it is only a matter of time
|
||||
until they are developed to the point that they are practical and when that happens those messages
|
||||
the NSA has stored in Utah will be decrypted if they choose to do that. That's unavoidable at this
|
||||
point. I'm not sure that is all that much different from the march of decryption capabilities we
|
||||
witnessed until now. Encryption standards we once relied on such as MD5 are now considered
|
||||
useless for any security purpose. MD5 still lives on as a way of verifying that files have not been
|
||||
changed in any way so you will still see that with like downloads of Linux ISOs where file integrity
|
||||
matters a whole lot. So while files encrypted today using something like elliptical curve cryptography
|
||||
be broken in 20 years I would consider that highly likely. So if you are going to overthrow
|
||||
the government you might want to get a move on. But I have some people claim that quantum computing
|
||||
means the end of the age of encryption and that is nonsense. The arms race will continue and quantum
|
||||
computing will be used to create new forms of encryption that have equivalent safety in the quantum
|
||||
age to what we have had over the last 30 years. In fact it's happening right now.
|
||||
In the United States the National Institute of Standards and Technology drives encryption standards
|
||||
and as a practical matter tends to do that for most of the world not just the United States.
|
||||
They have a project called Post Quantum Cryptography and in December of 2016 issued a request
|
||||
for nominations for the proposed new standard. As they state, quote,
|
||||
if large scale quantum computers are ever built they will be able to break many of the public
|
||||
key cryptosystems currently in use. This would seriously compromise the confidentiality and integrity
|
||||
of digital communications on the internet and elsewhere. The goal of Post Quantum Cryptography
|
||||
also called Quantum Resistant Cryptography is to develop cryptographic systems that are secure
|
||||
against both quantum and classical computers and can interoperate with existing communications
|
||||
protocols and networks. Okay so December of 2016 they issued a call. Hey all you smart folks out
|
||||
there give us some ideas. They did receive a number of submissions. So in March of 2019 on March 20th
|
||||
they delivered a briefing to the Information Security and Privacy Advisory Board which is a board
|
||||
within NIST established by Congressional Mandate. Their Matthew Scholl chief of the computer
|
||||
security division at NIST said that they had spent most of the previous year evaluating 69 submissions
|
||||
and then selected 26th of the most promising of them for further investigation with an eye to
|
||||
whittling down the list some more later in 2019. And I've got links to these lists and things that
|
||||
you can take a look at. So the show notes will help if you want more information about all of this.
|
||||
Now he did make clear that NIST is not looking for a single algorithm or even a specific number
|
||||
of algorithms which may be a good thing. One thing we know from experience is that
|
||||
monocultures can fall to a single vulnerability and it also looks like the expected different needs
|
||||
will lead to different algorithms being used. Again a very sensible way of looking at these things.
|
||||
Now to quote Mr. Scholl this is to ensure that we have some resilience so that when a quantum
|
||||
machine actually comes around not being able to fully understand the capability or the effect of
|
||||
those machines. Having more than one algorithm with some different genetic mathematical foundations
|
||||
will ensure that we have a little more resiliency in that kit going forward.
|
||||
So what is this telling us really? To me what it is saying is there is a need for encryption
|
||||
that need will continue and even if there's a change in decryption technology
|
||||
there are going to be people working on ways of getting around that.
|
||||
So I don't expect that there's ever going to be a point in my lifetime where encryption is
|
||||
totally useless. And so the arms race is going to continue one way or another and we should probably
|
||||
just get used to all of that. And so with that this is Huka for Hacker Public Radio reminding you
|
||||
as always to support FreeSoftware. Bye bye.
|
||||
You've been listening to Hacker Public Radio at HackerPublicRadio.org.
|
||||
We are a community podcast network that releases shows every weekday Monday through Friday.
|
||||
Today's show like all our shows was contributed by an HBR listener like yourself.
|
||||
If you ever thought of recording a podcast and click on our contributing
|
||||
to find out how easy it really is. Hacker Public Radio was founded by the digital
|
||||
dog pound and the infonomicon computer club and it's part of the binary revolution at binrev.com.
|
||||
If you have comments on today's show please email the host directly leave a comment on the website
|
||||
or record a follow-up episode yourself unless otherwise status. Today's show is released on the
|
||||
creative comments, attribution, share a light 3.0 license.
|
||||
Reference in New Issue
Block a user