Posts Tagged ‘encryption’

Who will make the world safe for encryption?

November 29th, 2009

With the first programmable quantum computer realized, the day may come when Shor’s algorithm can be implemented with some accuracy:

“A team at NIST (the National Institute of Standards and Technology) used beryllium ions, lasers and electrodes to develop a quantum system that performed 160 randomly chosen routines. Other quantum systems to date have only been able to perform single, prescribed tasks. Other researchers say the system could be scaled up. ‘The researchers ran each program 900 times. On average, the quantum computer operated accurately 79 percent of the time, the team reported in their paper.’”

I might be alone in this, but I fear the day when quantum computers become practical—much more than the day when the Singularity emerges; I have at least a sense of anticipation for the latter and it will represent progress, an evolution of sorts. In contrast, all the uses for a quantum computer I know are evil—just like the atomic bomb and the hydrogen bomb. There is never a peaceful reason to enrich uranium more than 10%, and there is never a moral reason for a quantum computer to work more than 1% (or some other low number) of the time.

Will some other breakthrough make encryption—specifically, cheap and affordable encryption; for the wealthy and powerful, there is always OTP—available to the masses again, once quantum computers inevitably make public-key encryption (SSL and PGP, to name the two big ones in wide use today) unusable except as children’s playthings?

TSA improvement: I’ll take what I can get

August 28th, 2009

There is a slight improvement to TSA’s search and seizure of electronic devices:

“The US Government has updated its policy on the search and seizure of laptops at border crossing. ‘The long-criticized practice of searching travelers’ electronic devices will continue, but a supervisor now would need to approve holding a device for more than five days. Any copies of information taken from travelers’ machines would be destroyed within days if there were no legal reason to hold the information.’”

If I take this at face value (so many things promised by this administration didn’t come to be, so I don’t know if I can), then it means if they search and seize my laptop (after finding the encrypted data, if they do), they will have to return the laptop to me in less than one week. I don’t really care if they destroy their copy of my encrypted data (because, barring breakthroughs in attacks against encryption algorithms in use today, they won’t be able to do anything with it; and it’s at least 5 years or so that I can sleep soundly).

This is a small “improvement”, if that at all, but I will take what I can get. Ideally, I want TSA and its … ineffectual, draconian security theater gone, but some among us do like the pretension of security better than actual security, which I don’t think the government (or maybe even private enterprises) can achieve at all.

Author: bkpark Categories: security

When I'm dead, how will my loved ones break my password? (and not the government)

July 2nd, 2009

Cory Doctorow writes for the Guardian:

“More specifically, what about the secrets that protect our data? Like an increasing number of people who care about the security and integrity of their data, I have encrypted all my hard-drives – the ones in my laptops and the backup drives, using 128-bit AES – the Advanced Encryption Standard. Without the passphrase that unlocks my key, the data on those drives is unrecoverable, barring major, seismic advances in quantum computing, or a fundamental revolution in computing.”

After considering a few options that most people who think about this particular problem would, including an option I might have considered adequate, a safebox containing the passphrase (or an unencrypted private key which can be used to similar effect), and rejecting them, he concludes,

“Finally, I hit on a simple solution: I’d split the passphrase in two, and give half of it to my wife, and the other half to my parents’ lawyer in Toronto. The lawyer is out of reach of a British court order, and my wife’s half of the passphrase is useless without the lawyer’s half (and she’s out of reach of a Canadian court order).”

Obviously this makes the attack on the passphrase slightly easier: if it was originally 10 characters long, the attacker now needs to consider only a 5-character passphrase once he gets control of one half. But it’s probably easy enough to make your passphrase long enough to minimize this problem, i.e. make your passphrases 40 chars long instead of the recommended 20 chars (for my full hard drive encryption, I use a 26-char password and it’s probably not too difficult for me to memorize one that’s twice as long).

And if you don’t mind a little bit of technical complexity, you can split the key mathematically rather than as a string: i.e. for each character, take its ASCII code, and split it, randomly, into two numbers (running both positively and negatively, say from -255 to 255; it wouldn’t be possible to split them into another set of printable ASCII codes, as the lowest 32 codes aren’t printable, so you may as well just turn each character into numbers) so that when they are added together, you get the correct character back, and store these two sets of numbers separately—and either of these two sets by itself is literally nothing but a random set of numbers, betraying no information about the actual passphrase.
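The numeric split described above, as an added Python example (not code from the original post). It departs from the post in one respect: additions wrap modulo 256 instead of using plain integers from -255 to 255, because with a bounded range and ordinary addition an extreme share value narrows the possible characters, which the hypothetical helper `bounded_candidates` shows. The function names and the sample passphrase are assumptions made for illustration.

```python
import secrets

MOD = 256  # shares are bytes; arithmetic wraps modulo 256


def split_passphrase(passphrase: str) -> tuple[bytes, bytes]:
    """Split into two shares; each one alone is uniformly random bytes."""
    data = passphrase.encode("utf-8")
    share_a = secrets.token_bytes(len(data))          # CSPRNG, not random.random
    share_b = bytes((d - a) % MOD for d, a in zip(data, share_a))
    return share_a, share_b


def combine_shares(share_a: bytes, share_b: bytes) -> str:
    """Recover the passphrase; both shares are required."""
    if len(share_a) != len(share_b):
        raise ValueError("shares must have the same length")
    return bytes((a + b) % MOD for a, b in zip(share_a, share_b)).decode("utf-8")


def bounded_candidates(share: int, lo: int = -255, hi: int = 255) -> list[int]:
    """ASCII codes still possible when one share is known and the other
    share must also lie in [lo, hi] under plain (non-wrapping) addition."""
    return [c for c in range(128) if lo <= c - share <= hi]


if __name__ == "__main__":
    secret = "correct horse battery staple"  # constructed sample passphrase
    a, b = split_passphrase(secret)
    print("share A:", a.hex())
    print("share B:", b.hex())
    print("recombined correctly:", combine_shares(a, b) == secret)
    # Non-wrapping variant: a mid-range share rules nothing out,
    # an extreme share shrinks the set of possible characters.
    print(len(bounded_candidates(50)), len(bounded_candidates(-200)))
```

Each share is as long as the passphrase in bytes, so a holder of one share still learns the passphrase length.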

Overall, I think this is a good scheme, except, well, it only works for people with connections in two countries (and if the liberals have their way, we will have the One World Government pretty soon, so splitting jurisdiction may not be an option soon).

It seems like, at least in any scenario I can think of, if you want to share a secret with someone else and want to keep it secret (between the two of you), then the only way to do it is under some subterfuge—either regarding the fact that you have a secret, or that the other person shares it (so that you can prevent the person from getting subpoenaed).

Author: bkpark Categories: security