Comments

Clive Robinson March 21, 2025 10:48 AM

@ Bernie, ALL,

With regards,

“I see the potential for this to backfire as many folks roll their own cryptography.”

Yup and some people are waving red flags about as well as ringing the bell…

Have a read of,

Post-Quantum Cryptography Is About The Keys You Don’t Play

https://soatok.blog/2025/03/17/post-quantum-cryptography-is-about-the-keys-you-dont-play/

“Post-Quantum Cryptography is coming. But in their haste to make headway on algorithm adoption, standards organizations (NIST, IETF) are making a dumb mistake that will almost certainly bite implementations in the future.

Sophie Schmieg wrote about this topic at length and Filippo Valsorda suggested we should all agree to only use Seeds for post-quantum KEMs.”

Who? March 21, 2025 11:10 AM

@ Bernie, Clive Robinson, ALL

OpenSSH has been using for years a combination of classic and post-quantum cryptography for the KEX stage; this way, if our choice of post-quantum cryptography is demonstrated to be weak, we have at least the old classical algorithms backing our communications.

I would not “just move” to post-quantum cryptography; I would add a second encryption layer while using classical algorithms well tested on-field.

Hendrik Visage March 21, 2025 11:17 AM

May I ask the obvious question that nobody seems to ANSWER: What algorithms had been broken/cracked/etc. by “brute force”/etc. using quantum technology, and how long did it take? Had it been repeatedly done in reasonable times?

Just asking before the scare

Clive Robinson March 21, 2025 11:42 AM

@ Bruce, ALL,

Is “Quantum Computing”(QC) overrated?

The hype of “Quantum Computing” is fairly well known for various reasons. Not least because of the two issues of,

“Classical and quantum researchers compete using different strategies, with a healthy rivalry between the two. Quantum researchers report a fast way to solve a problem —often by scaling a peak that no one thought worth climbing— then classical teams race to see if they can find a better way.

This contest almost always ends as a virtual tie: When researchers think they’ve devised a quantum algorithm that works faster or better than anything else, classical researchers usually come up with one that equals it.”

From: https://www.quantamagazine.org/quantum-speedup-found-for-huge-class-of-hard-problems-20250317/

It raises the,

“What practical mass market benefit will QC have?”

Which if the “little to none” view holds would in effect kill it off as a commercial activity.

But then there is the “metric shit-ton” of hardware issues that has kept us down to just a handful of Qbits barely enough to factor a two digit number. Whereas best guess estimates say we will probably need as a minimum in the hundreds of thousands to millions of Qbits.

But a more abstract issue arises of,

“Do we know enough?”

There is something called “Quantum Cryptography” that has its roots in an idea from the 1960’s for “quantum money” that would be unforgeable. In the late 1970’s it gave rise to an experiment that gave rise to what many call BB84 that proved that Quantum Cryptography was practical.

Since then the Chinese amongst others have pushed it to the point it can provide secure key distribution without a second channel. Known as “Quantum Key Distribution”(QKD) it can provide what is considered absolute security spanning around one third of the way around the globe…

But we need more than “key distribution” and that is where other questions arise,

https://www.quantamagazine.org/cryptographers-discover-a-new-foundation-for-quantum-secrecy-20240603/

The thing about QKD is that not only is it inexpensive in comparison to “Quantum Computing”(QC), at the rate it is progressing technically it will be globe spanning in a very practical way before QC is anything more than a very very expensive lab curiosity. Which due to QC’s exorbitantly expensive “consumables” cost will probably make it not commercially viable ever.

Clive Robinson March 21, 2025 11:55 AM

@ Who?,

I’m all in favour of “chained cryptography” as a sensible security measure.

But that apparently makes me an “odd duck”.

NIST amongst others apparently dislikes the idea of “hybrid cryptography” using both pre and post QC algorithms.

The obvious question of,

“Why?”

I’ve not really been able to get to the bottom of due to an excess of hand waving blocking the view…

Bernie March 21, 2025 8:14 PM

@ Clive ,

Welcome to Ducks Anonymous, Odd. Folks around here call me Old. I remember looking forward to when computer systems were finally powerful enough that UIs were always fully responsive. Since I am still waiting, I think that folks should start calling me Naive instead of Old.[1]

While chained cryptography is sensible, computers are never going to be powerful enough for the basics like strong encryption. At least my (unwanted) AI assistant will be able to tell me why my UI is frozen, probably blaming Grace Hopper’s bug.

Also, thanks for that link. Nice read.

[1] If you say anything about it being 5-10 years away, your sentence better mention cold fusion and room temperature superconductors too.

Soatok March 21, 2025 11:36 PM

@ Who?

“I would not “just move” to post-quantum cryptography; I would add a second encryption layer while using classical algorithms well tested on-field.”

This is often called “hybrid” in the PQC discussions, and it’s a sensible thing to do.

Unfortunately, there are a lot of details with which we can hide devils. https://durumcrustulum.com/2024/02/24/how-to-hold-kems/

(Deirdre Connolly is the author of X-Wing, a hybrid KEM that uses ML-KEM-768 and X25519, which is what I plan to use in my projects.)

Clive Robinson March 22, 2025 12:29 AM

@ Bernie,

With regards,

“Folks around here call me Old.”

Funny thing… Most every morning I look in the mirror… My brain looks out with the thoughts of a twenty something year old, and is shocked to see a grumpy old git looking back… And it’s all down hill from there for the rest of the day 🙁

Why I make the same mistake near every morning I don’t know, I guess it’s an “old habit that’s hard to break”.

With regards,

“I remember looking forward to when computer systems were finally powerful enough that UIs were always fully responsive.”

To which I say

“Young man the 8bit CLI is where you should look!”

I have a genuine Apple ][ I bought back in the late 1970’s and when in the editor I use on it, it’s still got a faster key-press to screen display time than any current commercial Windows-based OS on hardware that’s less than three years old…

There is a lesson in there… which is why I run a stripped down Linux on a laptop that shipped with MS Win 7 (according to the sticker underneath). Sadly getting 32bit Linux is no longer,

“Go to the news agent and buy a magazine with CD/DVD on the front.”

Which was a “more secure” way than an Internet download.

I do run multiple X-terminals in a Windowing environment and take the speed hit for the convenience of having half a dozen files open to see and cut-n-paste from (yup a bad habit that is almost as old as my back teeth).

But consider your statement,

“… computers are never going to be powerful enough for the basics like strong encryption.”

Back in the 1970’s my Apple ][ was and still is more than powerful enough for “strong” encryption. In that it could happily use an XOR or Add-Mod256 “mix algorithm” of “plaintext” with OTP “ciphertext” from a floppy disk file.

More modern encryption like AES uses a “highly complex” “mix function” in lots of rounds…

However run AES in “counter mode” to generate a pseudo-OTP to write to file you in effect,

“Take the complexity out of synchronous On-Line encryption and run it asynchronously off-line.”

Or you can run the complexity across multiple parallel compute engines (which is what we did back when 8bit CPUs ran below 4MHz clock rate).

Thus it can be seen that the issue is not actually “strong” encryption but “managing the complexity” of the encryption algorithm when being used synchronously “On-Line”.

Thus the question of splitting up the “complexity” into a “chain” of “less complex” algorithmic parts which in effect is what 3DES was all about (only they kept the complexity “Synchronous and On-Line”).

Some years ago now (last century 😉) Prof Ross Anderson wrote a paper on doing something similar,

https://link.springer.com/content/pdf/10.1007/3-540-60865-6_48.pdf

Which led to another paper analysing the ciphers authored by Pat Morin,

https://cglab.ca/~morin/publications/crypto/aardvark-sac.pdf

(Pat also has work on “random algorithms”, that is interesting in a similar but different respect. Cryptanalysis often relies on “a fixed structure” to do things like “message in depth” attacks. Randomising the order of the sub algorithms can be shown to keep the desired CS complexity but in effect give a new final algorithm each time thus limiting such attacks).

I hope you find the papers interesting.
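
Clive’s point above about pre-generating a counter-mode keystream off-line and leaving only a cheap XOR or add-mod-256 mix for the slow on-line side, as an added example (my code, not from the comment or the papers it links): the Python stdlib has no AES, so the AES-CTR keystream is stood in for by an HMAC-SHA256 counter construction of the same shape, and the pad-file object, the function names and the fixed demo key are all constructed for the illustration.

```python
import hashlib
import hmac

# Constructed demo key: in practice generated once, shared out of band,
# and never used to generate a second pad with the same pad_id.
DEMO_KEY = bytes(range(32))


def make_pad(key: bytes, pad_id: bytes, length: int) -> bytes:
    """Off-line step: expand `key` into `length` bytes of counter-mode keystream.

    Stands in for AES-CTR (no AES in the stdlib): block i is
    HMAC-SHA256(key, pad_id || i as 64-bit big-endian), the same counter-mode
    shape, so the expensive work is done once and written to a pad file
    ahead of time.
    """
    out = bytearray()
    counter = 0
    while len(out) < length:
        msg = pad_id + counter.to_bytes(8, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


class PadFile:
    """The 'floppy disk' pad: hands each byte out at most once, then destroys it."""

    def __init__(self, pad: bytes):
        self._pad = bytearray(pad)
        self.offset = 0  # next unused byte; would be persisted with the pad

    def remaining(self) -> int:
        return len(self._pad) - self.offset

    def take(self, n: int) -> bytes:
        if n > self.remaining():
            raise ValueError("pad exhausted: refusing to reuse keystream")
        chunk = bytes(self._pad[self.offset:self.offset + n])
        # Overwrite the consumed bytes so a second use is impossible by mistake.
        self._pad[self.offset:self.offset + n] = b"\x00" * n
        self.offset += n
        return chunk


def mix(pad: PadFile, data: bytes, mode: str = "xor") -> bytes:
    """On-line step, cheap enough for an 8-bit CPU: combine data with fresh pad."""
    k = pad.take(len(data))
    if mode == "xor":
        return bytes(a ^ b for a, b in zip(data, k))
    if mode == "add":  # add-mod-256 mixing
        return bytes((a + b) & 0xFF for a, b in zip(data, k))
    raise ValueError("mode must be 'xor' or 'add'")


def unmix(pad: PadFile, data: bytes, mode: str = "xor") -> bytes:
    """Inverse of mix(); the receiver's copy of the pad is consumed in lockstep."""
    k = pad.take(len(data))
    if mode == "xor":
        return bytes(a ^ b for a, b in zip(data, k))
    if mode == "add":  # subtract-mod-256 undoes add-mod-256
        return bytes((a - b) & 0xFF for a, b in zip(data, k))
    raise ValueError("mode must be 'xor' or 'add'")


def round_trip(messages: list, mode: str, pad_len: int = 256) -> list:
    """Sender and receiver each hold a copy of the same pad; returns the decrypts."""
    sender = PadFile(make_pad(DEMO_KEY, b"pad-0001", pad_len))
    receiver = PadFile(make_pad(DEMO_KEY, b"pad-0001", pad_len))
    return [unmix(receiver, mix(sender, m, mode), mode) for m in messages]


if __name__ == "__main__":
    msgs = [b"pencil and paper", b"box of matches"]
    for mode in ("xor", "add"):
        print(mode, round_trip(msgs, mode) == msgs)
```

The pad object zeroes every byte it hands out and refuses to run past the end, which is the property that makes a pre-generated pad usable at all: any reuse is exactly the “message in depth” situation mentioned above.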

Bernie March 22, 2025 11:12 AM

@ Clive ,

I’ll have to read those papers when I’ve got more time (and caffeine).

We must be old; we are talking about the good old days of 8-bit CLIs. I think I have finally broken an obsolete typing habit I had from my CoCo 2 in the 80’s. But now I have the urge to find a hole punch and some single-sided floppies. Stop me before I annoy the neighbors with the sounds of dialing up AOL.

Regarding your Apple ][, it can’t run the latest must-have features in MS Word 314.159 even when not doing any encryption. May I show you our newest 100% compatible PC? Don’t worry, the bridge it is sitting on hasn’t been sold yet.

But, seriously, why am I still dealing with… BRB. I’ve had a moment to ponder. A better question is to myself: Why am I still dealing with the hopes/dreams/assumptions of my 20-something self? Don’t I know better? I’ve tasted the real world far too much to not know better. Optimism is my old habit that is hard to break.

Back on topic of Bruce’s post, I just thought of something. “You need to move to post-quantum cryptography… but don’t forget the backdoors we need. After all, you need a lot of holes in your security for the Swiss cheese model to protect you.”

(Back off-topic, I’m now imagining the Dead Parrot sketch where it is a motherboard instead of a parrot.)

Clive Robinson March 22, 2025 11:36 AM

@ Bruce, ALL,

Is the time nigh for QC?

The fact QC has not in any way delivered anything not just in years but at all… currently puts it in the “California Sail Boat”[1] category of hyped things.

It’s something that is increasingly being noted not just by those doing physics research but technologists and more recently even mainstream media journalists.

And worse for some investors…

Jensen Huang CEO of Nvidia has twice caused QC stocks to “fall significantly” in just a few days…

Firstly when he expressed doubt that quantum computing would be even close to commercial and probably not even exist in the next 15 years or so. Then secondly two days ago on the 20th when giving a keynote at Nvidia’s “Quantum Day” when he tried to smooth over his previous comments…

So it’s not just the future of QC but AI as well that’s making investors twitchy… Anyone want a black tulip bulb?

Which might be why more mainstream media is putting out articles like this latest example asking the question in a gentler form,

“Are quantum computers coming to your cloud or phone in the future? What and who are they for?”

https://www.theverge.com/tech/633248/beyond-the-hype-of-quantum-computers

But making less than well veiled opinions of not just Microsoft’s latest “noise” but the whole QC domain with,

“On top of controversy, the industry suffers from hype. Quantum computer champions say that they will revolutionize materials science, encryption, and finance. Theoretical research indicates that they could one day beat regular computers in certain time-consuming tasks and open new realms of computing. But the timeline is uncertain.”

But as I’ve noted in another post above the “faster than” claim game usually ends up with proponents of QC proposing something tangential at best and usually conventional computing algorithm researchers then disposing of it fairly rapidly…

However there is another side to this. The article author says,

“… experts predict that an early useful application of quantum computers could be performing accurate and fast chemistry simulations, for discovering new materials for better batteries, more climate-friendly fertilizers, and new medical drugs. Currently, to simulate these reactions, scientists rely on supercomputers, which are inexact and slow.”

But as we –should– know from AlphaFold this is actually something current AI LLM and ML systems can do and apparently well if the input corpus is well curated hence the Nobel prize,

https://www.chemistryworld.com/features/how-ai-protein-structure-prediction-and-design-won-the-nobel-prize/4020354.article

So my money if I was daft enough to risk any would be on what we’ve not heard very much about. Which is “Quantum AI”. Because whilst I reason it has a very outside chance of happening, it will happen if it can. However one of the first things that needs to happen is for all the hype and nonsense about current AI LLM and ML systems to be “disposed of”… And if some Silicon Valley types have their way that won’t happen for quite some time. In fact probably not in my life time so,

“No bet as I’ll not be able to collect.”

But the final sentence of the final paragraph of the article makes a point potential investors of money, time, resources or their own effort should note,

“Such are the growing pains involved in building a quantum computer. Its potential remains alluring, but the finish line is still far away. In the meantime, physicists will continue squabbling over incremental progress — as long as the cash keeps flowing.”

Remember “string theory” it was once even bigger than QC now is, can you remember anything about it or any of its proponents?

I suspect not because it never ever got to the point it could be “tested” thus proved or falsified, it was a California Sail Boat at best with some even claiming it was actually a fraud…

Is that QCs potential or probable fate?

As always “Time will tell”.

[1] Saying something is a,

“California Sail Boat.”

Is a cutesy way of saying it’s,

“A hole in the water into which you pour money.”

ie it’s a very very expensive vanity object/entity that costs big and returns little or nothing except the ability to “ego polish”. In effect an “on steroids” version of “big car syndrome” (which at least returns viable transportation along with low cost underwear 😉

Clive Robinson March 22, 2025 2:23 PM

@ Bernie, ALL,

With regards my relative decrepitude, you can search the blog for two words in association “badger” and “beard” let’s just say “I think I’m doing better” than our host on that score 😉

But back to more important things, you say,

“Optimism is my old habit that is hard to break.”

You shouldn’t. Psychologists and psychiatrists dress it up in fancy words in long papers but the short and the long of it is,

“Optimism like fight or flight is a hormonal ‘self defence’ mechanism.”

Oddly perhaps so is actual “pessimism” rather than what people mistake depression for.

Years ago I coined an expression that others may also have done –I’ve never checked– because the “You’re a glass half full guy” comment really rankled. So I would say that,

“I’m an optimistic pessimist, I hope things will improve, but I know they won’t.”

So as others say “Onwards and upwards”[1], with regards,

“Regarding your Apple ][, it can’t run the latest must-have features in MS Word 314.159”

But look on the bright side neither can it run,

1, Malware or similar
2, “See What You See” “client/device side scanning”.

In part because it has no real “external communications” the OS is on real immutable mask programmed ROM and the only mutable memory that is not RAM is very old style floppy disks. So in effect it comes “pre-mitigated by segregation”[2]. All reasons I love pre-1995 PC Hardware and a suitable cage.

All you are left to do is “Hard Control Human Access” in various ways which yes can be both hard and expensive. But at least we are much better equipped by history to know what actually works and what is faux security.

Speaking of faux-security you had to say it 😉

“You need to move to post-quantum cryptography… but don’t forget the backdoors we need. After all, you need a lot of holes in your security for the Swiss cheese model to protect you.”

The “Swiss cheese model” is another version of the idea behind the “Onion layer model” which the military version is “Defense in Depth”.

The original idea behind the Swiss Cheese model was to act as a visual aid in “accident prevention” and it actually encourages the wrong type of thinking. Which is as bad if not worse than Victorian Artisans and their boilers still exploding even when they “bolted a bit on”. Under the quaint illusion they could by adding another layer stop their socks being their only mortal remains they left behind…

Accidents happen for two reasons only,

1, Lack of knowledge/information.
2, Lack of time to respond.

The “holy cheese” model barely covers a small fraction of the first reason and totally fails with temporal issues.

Thus the argument is “if you have a thick enough skin, you can not be harmed”. Nature tried that with dinosaurs, and you don’t see them wandering around. Similarly pachyderms are now very much endangered due to the heavy caliber Nitro Express and later Magnum rifles, proving the point that practically “there ain’t no cheese thick enough”… And as drones are currently proving on the battlefield you are not even safe when you are in a hole in the ground or behind a hundred tons of armour.

The net result of “bolt another layer on” is that you fairly quickly make yourself way way more vulnerable because even with sufficient information you can not move out of the way…

Which brings us back to the notion of “crypto backdoors”: have a search on this blog for my comments with regards the work of Claude Shannon and Gus Simmons. When you put their work together you have a mathematical proof that “backdoors do not work” when the “People of Interest” either know or assume there is a backdoor in place.

Which is why I suspect that finally certain types of people are moving to the

“See What You See”(SWYS) or “Client/Device side scanning” model.

By putting a “shim” in the UI or I/O drivers that “tees the plaintext off”.

It sounds like a great idea because it gets around all the communications crypto without having to break it etc etc etc.

The problem for them is it requires a “Communications Back Channel” which if denied to them renders SWYS moot.

In the past I’ve pointed out the salient facts that as the first or second parties to get protection from both Crypto backdoors and SWYS you need to properly “segregate the plaintext”.

In WWII and earlier this was done by using OTP ciphers and pencil and paper (and a box of matches).

What you are doing is,

1, Taking the “security end point” off of the “communications end point” device.
2, Ensuring the communications device never has “plaintext” on it, or go through it, only “ciphertext”.

As long as the device you use for the “security end point” has no “covert or overt communications” side/second channel around the “security endpoint” then you are secure.

So reading the ciphertext on your mobile phone display, writing it down on a piece of paper and then taking it into a different location to the mobile phone to use the OTP kind of gives you no “side channel”.

Except if they know where you use the OTP and put a hidden camera or more modern type of surveillance on that location…

But for that to happen then they would have to consider you a “significant person of interest” or have Orwellian style surveillance on the whole population.

The latter scarily being more likely these days with “Smart TV’s” and other microchipped consumer home goods that all have WiFi and BLE and surprisingly many have both microphones and video cameras of the MEMS Device variety.

This is quite out of date technology wise, but it could give you nightmarish thoughts on what is possible,

https://engineeringproductdesign.com/mems-micro-electro-mechanical-system/

Oh and most MEMS are way less expensive than the traditional transducers they are rapidly replacing.

[1] Logically this is a daft expression, because as the more appropriate phrases have it “what goes up, must come down” and that implies especially with heavenly bodies “crash and burn” unless you just want to “lack the necessities of life” and “go around and around” after “getting out the well”.

[2] OK I admit it’s still connected to mains power and the old CRT monitors can be “remotely viewed” due to the levels of EM radiation they can pump out. See Wim “van Eck Phreaking”,

https://en.m.wikipedia.org/wiki/Van_Eck_phreaking

And similar TEMPEST and EmSec attacks both passive and active I’ve detailed on this blog before, and why I talk of “Energy Gaps” not in effective “Air Gaps”.

lurker March 22, 2025 4:08 PM

@Clive Robinson

re: Verge, beyond the hype …
“Researchers make physical qubits from different materials […] it’s not clear what material is best.”

I’ll put money on sophons.

Clive Robinson March 22, 2025 6:49 PM

@ lurker,

Re : sophons

I was thinking they would make a good replacement for AI Spectacles.

But the ideal material for Qbits has got to be weapons grade “unobtainium”, 1g of that could produce enough hot air to run a hype bubble or all the worlds data centers for a century 😉

Bernie March 23, 2025 12:58 PM

@ Clive ,

You are not decrepit; you are finely honed and well aged, just like Swiss cheese, which provides perfect security, because it comes from the Swiss, who have perfect neutrality, which means no corruption, in the Swiss people or in the Swiss cheese, whose holes are not vulnerabilities but actually strategically designed honeypots, filled by Bob — because (animal) bee and (letter) B are the same thing — who was divorced by Alice because she caught Bob “in bed with” Eve. [1]

“If your device is not vulnerable to malware, it is time to upgrade, ” said the interim acting head of TLA, the country’s premier agency. “Malware vulnerability is the bread and butter in security. We cannot protect you if you are competent enough to protect yourself.” He concluded his speech with a promise: “We can provide better cookies than you can get anywhere on the Internet.” This reporter was unable to find any cookies at the press conference, though I did find some milk that had been sitting out without refrigeration.

The Apple ][ and the CoCo 2 had a lot of similarities — at least seen through today’s eyes. Did you ever use cassette tape storage? (I haven’t bought software on a cassette tape in a very long time.)

The only genuine “use” I’ve found for thick skin is delaying pulling the thorn out until after it is infected/embedded/etc. because I didn’t notice the SOB earlier.

My favorite SWYS device is the so-called Sneakers made by Setec Astronomy. However, you need highly qualified personnel lest you end up with results that — let’s say — leave you in stitches.

Your Smart TV needs to know if you are watching the ads that are now even more ubiquitous. What better way than MEMS devices? I’m expecting laws that require such devices to be tiny and hidden so as not to “ruin the customer’s viewing experience”. (I’m also expecting laws that require light bulbs to flicker when you turn them on so that customers know that “the future has arrived”.) I hope these laws don’t come, but I expect they will. Optimistic pessimism FTW! [2]

Speaking of logically daft expressions, I can no longer tell if “downhill” is a good thing or a bad thing. Such are the dangers of spending too much time speaking human languages instead of computer languages.

One thing I miss about CRTs is the ability to know if I accidentally left a TV/monitor on.

NB: Even though I have a tendency to flow between serious, funny, sarcasm, etc., it doesn’t matter to me if you misunderstood anything I wrote. You always have wise words to share with both me and whomever else might be reading. As a bonus, if I re-read my words in the future and confuse myself, your words are there too. Thank you for saving me from myself. lol

[1] I almost gave myself a headache trying to think up all that crap.

[2] I first read “WiFi and BLE” as “WiFi and BLEVE”. Let’s hope the latter never makes it into consumer electronics.

Clive Robinson March 23, 2025 2:25 PM

@ Bernie,

With regards,

“I first read “WiFi and BLE” as “WiFi and BLEVE”. Let’s hope the latter never makes it into consumer electronics.”

It actually happened lots of times, oh, about 20 years ago.

The story is “industrial espionage” to obtain the chemical formula for the electrolyte in electrolytic capacitors was imperfect. Thus several hundred “metric shit-tons” of defective capacitors got shipped…

The result lots of Dell PC motherboards and Microsoft games consoles had defective capacitors installed (cause they bought on the cheap and did not QC properly to further save money[1]…)

Some of the caps just oozed dangerous chemicals, others just split the can on the cross, others popped the can off of the base. But a few really broiled and blew… They actually had a “Boiling Liquid Expanding Vapour Explosion”(BLEVE) in the case and due to fans quickly filled a room with acrid if not “choking agent” “magic smoke” and in some cases burning metal vapour.

Which trust me you don’t want in your lungs, throat, eyes etc as it’s just all round nasty including carcinogenic…

[1] There is an expression in “Fast Moving Consumer Electronics”(FMCE) production about not trusting your suppliers which is a little like the faux-CIA one… But it gives rise to another which is,

“Keeping the pencil sharp”

Basically if you keep using the same supplier the price goes up… To keep the supplier “on the line” you go somewhere else and say to the original supplier “Bottom line they were less expensive than you” even if they were not. Thus the theory is the “pencil will be sharper” for the next quote… (There is so much wrong with this I urge people not to do it, because you rarely win out in the end).

Bernie March 23, 2025 6:40 PM

@ Clive ,

Were those defective caps in the (tech) news just recently? YouTube recommended a video and Ars Technica had an article. I was skimming and meant to come back. I vaguely remember something from the past and figured that enough time had passed that the stories are more accurate now.

I tend to think of BLEVE in the bigger boom sense where you have to worry about shrapnel, not vapors. But, yep, small booms with vapors can be a lot more dangerous. Heck, even burnt microwave popcorn can be very disruptive. (Regarding fire alarms, remember to grab your essentials on your way out because you might not make it back into the building same day.)

If only people grokked that the sharper pencil is also better at causing puncture wounds. I’m reminded of the old saying, “If you think safety is expensive, try an accident.”

Clive Robinson March 24, 2025 1:59 AM

@ Bernie,

Re : Capacitor Plague

“Were those defective caps in the (tech) news just recently?”

According to Wikipedia the “capacitor plague” as it was called back then was between 1999 and 2007.

So yeh someone might have been doing a date-based article of “two decades ago”, a “21st coming of age” or even a “quarter century ago” article.

What I do know is it was mentioned in depth on the EEVblog website because “Dave” had mentioned them on one of his “Dumpster Dives” which caused one of his “readers” to post he’d had some go pop and asking for advice about alternatives as replacements,

https://www.eevblog.com/forum/repair/dell-gx280-motherboard-capacitor-replacement-(rubycon-mcz-alternative)/

The thing with “smoothing” and energy storage components like inductors and capacitors is the circuits have to be thought of in “four quadrants” not the usual “two quadrants”. That is they both source to and sink from an active / energy storage / generative load (think “Back EMF” found on DC motors for electric drills etc).

With high efficiency “Switch Mode PSU”(SMP SMPSU) for high power low voltage fast digital circuits you need to consider “nanosecond switch times” and both series resonance and ringing otherwise all sorts of nasties including “metastability soft latch up” can happen.

One such “I didn’t think of that” traps people drop into is that PCB tracks are transmission lines and can store considerable amounts of energy as well as appear as short circuits when they are open circuits –half wave– and open circuits when they are short circuits –quarter wave– and what appears as magic make capacitors look like inductors and vice versa. If you want to see how you can use this advantageously look up “Class F” RF amplifiers. A friend of mine Roger Howe –who sadly is no longer with us having died by accident during lockdown– developed a unique output stage for FM Broadcast transmitters that put them up in the 90% efficiency bracket but all importantly unlike Class F was “broadband” (75-110MHz). For my sins using Class D Bridge driven by Class H I developed a “switch mode” AM Broadcast transmitter using “Walsh functions” and current transformers as “power adder circuits” that was up in the same efficiency range but covered 0.5-2.0MHz (think of it as a 10kW D to A converter). And for both low ESR PSU caps are kind of essential so it “sticks in my mind”.

ResearcherZero March 24, 2025 7:33 PM

What exactly is the point if they also want to insert ‘backdoors’ into software?

There was an old story about a company called Boyusec which was a front for APT3.

Reportedly someone left packaged Windows exploits and a framework called FUZZBUNCH laying about, perhaps on some server. There was a bunch of post-exploitation modules also called DANDERSPRITZ, with other tools like ‘EventLogEdit’, which is pretty self-explanatory. Maybe they were discovered, maybe they were leaked, maybe they were used one too many times, such as with the AD Group Policy vulnerabilities and the mass exploitation tool EternalBlue.

https://arstechnica.com/information-technology/2015/02/15-year-old-bug-allows-malicious-code-execution-in-all-versions-of-windows/

“Microsoft has advised … there is no backdoor within the Microsoft suite of products”
https://www.zdnet.com/article/no-nsa-backdoor-into-australian-parliament-microsoft/

July 11, 2013: Microsoft Helps NSA Crack Encryption

Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, Apple and Dropbox.
https://www.nbcnews.com/id/wbna52454247

(Microsoft did eventually patch the vulnerabilities some months after it became public)
https://www.rapid7.com/blog/post/2017/04/18/the-shadow-brokers-leaked-exploits-faq/

Clive Robinson March 25, 2025 6:09 AM

@ ResearcherZero, Bruce, ALL,

Re : The computing stack implication on privacy and why we can not have nice things.

You ask the question,

“What exactly is the point if they also want to insert ‘backdoors’ into software?”

The first thing to realise is,

“Not all software is equal.”

And secondly all software like mathematics,

“Boils down to logic and arrays”

Which makes software hierarchical and thus can be seen as a “stack”.

But the “logic and arrays” is true of all Turing engines and thus all computers hence the “Computing Stack” view.

Further that,

“All logic can be replaced by an array, and all arrays can be replaced by physical objects.”

It’s why any Q-bit type can give you a Turing Engine, or any other system defined by logic[1].

Thus you can define the values in the array in a way that represents any kind of information, be it software, functions, or values.

The old “Programmes = Instruction + Information” view is actually “Everything is values in a lookup table”.

The problem is building it into something useful which is why CPU chips have thousands of transistor equivalents at the least and millions of times that at even moderate level CPUs currently.

To most people “software” is something very abstract and high level and they never actually build function out of it directly, the nearest they sometimes get is “lookup table” arrays within a high level language to hold values to do speedup.

Hardware engineers back in the 1980’s and earlier were only too aware of these issues because,

“CPU chips were hardly a thing and inordinately expensive.”

So most “programming” was done with “analogue circuits” or “ladder logic” and still transitioning into basic logic devices such as “Norbits” and TTL or ECL semiconductor chips. However by the early 1990’s the “Home computer revolution” had happened and ARPANET was transitioning into the Internet.

The majority of programmers by then had stopped using or never used assembler language and had oft as not snoozed through basic logic and computer fundamentals in school or college.

Thus two gaping chasms had opened,

1, High level to lower level language gap.
2, Low level language to functional logic gap.

The second is sometimes called, “The CPU ISA Barrier” and it can be pointed at with a cocktail stick or other pointing device as existing at the pins on the CPU data, address, and control busses.

It’s said in mythology that,

“Few ever go over the river to the underworld (Hades) and come back, sane or whole.”

Well for most engineers and programmers these days “Hades is in a chip”. Importantly their reach does not or mostly can not cross “over the river”.

Which means their control on Privacy, Security, and Secrecy stops at that point, high up in the computing stack. Importantly nor can they see across the river, they can only hear what’s shouted across. Which means effectively all three as a consequence get “owned” by those that can “cross over”, and they can do whatever they want including “falsely report” to the user.

In the past I’ve explained that a CPU can not view its function or report on it, it’s the consequence of work that slightly precedes what Turing did in the late 1920’s and early 30’s.

But if you want to think about it in his terms, consider two Turing engines with full access to “the tape” you as the user are only aware of the engine you use and think you control. An attacker invisibly to you controls the other.

Ask two basic questions,

1, What can the attacker do with the second engine?
2, Can you even show the second engine exists?

To which the answers are,

“If the attacker is careful, Anything and No.”

To serve as a “backdoor” the attacker needs one more thing “external communications”.

Unfortunately for the user “external communications” may only need to send back a single bit of information over a covert channel with “See What You See”(SWYS) type “on device” attacks.

To see why, consider what Apple put in their OS to supposedly catch CSAM users.

To you the Apple OS is a “black box” that is equivalent to Hades of myth. You can not cross the river and nor can you see over it.

However it stands like a gateman between you and your data and “sees all as it passes”. You have no idea of what the gateman has been told to look for, or how…

All the gateman has to do is signal by raising just one flag or speak one word or less that can be seen/heard in your realm by guards etc. But you won’t see or hear it as the gateman’s presence is invisible to you. The alerted guards however can then act, and you will not just see them but feel their presence as they drag you away for an uncertain future.

The lower down the computing stack the gateman is the less opportunity you have to be aware of it, and in some ways it also makes the covert signal near impossible for you to detect as well.

The only solution to this is to “mitigate the covert channel” by “segregation” of user plaintext from communications and any ciphertext etc. Unfortunately these days segregation needs to also be by “energy gapping”.

[1] All the physical object actually has to do is behave like a “comparator” or “threshold switch”. They are from a physical object perspective actually interchangeable with each other.

ResearcherZero March 29, 2025 4:24 AM

@Clive Robinson

Flip a bit and perform a downgrade attack leaving a vast majority of users unaware that such an attack took place against their communications. Many are already unaware when they are communicating over encrypted communications or the various attacks on UIs. There are a bunch of exploits which also allow remote attackers to get hands on sensitive information.

Fourth zero day found affecting Windows allows hash disclosure via simple interaction.

https://blog.0patch.com/2025/03/scf-file-ntlm-hash-disclosure.html

ResearcherZero March 29, 2025 4:34 AM

#Clive

NIST amongst others apparently dislikes the idea of “hybrid cryptography” using both pre and post QC algorithms.

The obvious question of,

“Why?”

It would make it awfully expensive for the folks at the NSA to decrypt, assuming a well designed implementation and usage case, leading to the need for greater storage capacity.
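
The two comments above touch on the same mechanism from opposite sides: a “flip a bit” downgrade of the negotiated algorithms, and a hybrid (classical plus post-quantum) key exchange. The following is an added example, written here for this page and not code from either commenter, OpenSSH, NIST or any real implementation. It simulates an algorithm negotiation in which an attacker on the wire deletes the hybrid suite from the client’s offer, and shows why binding the key schedule to each side’s view of the transcript turns a silent downgrade into a failed handshake. Assumptions, all constructed for the example: the suite names are labels only; the Diffie-Hellman group is a toy prime (2**127 - 1) so it runs quickly and is not secure; the second exchange inside the “hybrid” suite stands in for a real post-quantum KEM; the only real point is the combiner (both secrets concatenated into one KDF input) and the transcript binding.

```python
"""Constructed simulation of a negotiation downgrade and transcript binding.

Standard library only.  Toy DH group (NOT secure) and a second DH as a
stand-in for a PQ KEM; the logic under test is the negotiation and the
key schedule, not the primitives.
"""
import hashlib
import hmac
import secrets

P = 2**127 - 1          # assumption: toy Mersenne prime, not for real use
G = 5

HYBRID, CLASSIC = b"x25519+mlkem768", b"x25519"   # labels only


def dh_keypair():
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)


def dh_shared(x, peer_pub):
    return pow(peer_pub, x, P).to_bytes(16, "big")


def hkdf(ikm, info, length=32):
    """Single-block HKDF-SHA256: extract with zero salt, then one expand block."""
    prk = hmac.new(b"\x00" * 32, ikm, hashlib.sha256).digest()
    return hmac.new(prk, info + b"\x01", hashlib.sha256).digest()[:length]


def encode_offer(suites):
    return b"|".join(suites)


def run_handshake(strip_hybrid=False, bind_transcript=True):
    """Run one handshake and report what each side concluded.

    strip_hybrid   -- a man-in-the-middle deletes HYBRID from the ClientHello.
    bind_transcript -- each side mixes its own view of the ClientHello and
                       the ServerHello into the key derivation.
    """
    # --- client: offer hybrid first, classical as fallback -----------------
    client_hello_sent = encode_offer([HYBRID, CLASSIC])
    c_x1, c_pub1 = dh_keypair()       # classical component
    c_x2, c_pub2 = dh_keypair()       # stand-in for the PQ component

    # --- attacker on the wire: "flip a bit", drop the hybrid suite --------
    client_hello_recv = encode_offer([CLASSIC]) if strip_hybrid else client_hello_sent

    # --- server: pick the strongest suite it was (apparently) offered ------
    received = client_hello_recv.split(b"|")
    chosen = HYBRID if HYBRID in received else CLASSIC
    s_x1, s_pub1 = dh_keypair()
    s_x2, s_pub2 = dh_keypair()
    server_hello = chosen + b"|" + s_pub1.to_bytes(16, "big") + s_pub2.to_bytes(16, "big")

    def derive(secrets_list, hello_view):
        # Hybrid combiner: every component secret goes into the one KDF input,
        # so the key is only recoverable if ALL components are broken.
        # Transcript binding: the key also depends on what THIS side saw offered.
        info = hashlib.sha256(hello_view + server_hello).digest() if bind_transcript else b""
        return hkdf(b"".join(secrets_list), info)

    s_ss = [dh_shared(s_x1, c_pub1)]
    if chosen == HYBRID:
        s_ss.append(dh_shared(s_x2, c_pub2))
    server_key = derive(s_ss, client_hello_recv)
    finished = hmac.new(server_key, server_hello, hashlib.sha256).digest()

    # --- client: derive its key from ITS transcript and check Finished ----
    c_ss = [dh_shared(c_x1, s_pub1)]
    if chosen == HYBRID:
        c_ss.append(dh_shared(c_x2, s_pub2))
    client_key = derive(c_ss, client_hello_sent)
    finished_ok = hmac.compare_digest(
        finished, hmac.new(client_key, server_hello, hashlib.sha256).digest())
    return {"chosen": chosen,
            "keys_match": client_key == server_key,
            "finished_ok": finished_ok}


if __name__ == "__main__":
    print("honest, bound      :", run_handshake(False, True))
    print("stripped, unbound  :", run_handshake(True, False))   # silent downgrade
    print("stripped, bound    :", run_handshake(True, True))    # downgrade detected
```

With `bind_transcript=False` the stripped run completes: both sides agree on the classical suite and on the same key, and the client has no way to know the hybrid suite was ever removed. With `bind_transcript=True` the client’s and server’s transcript hashes differ, the derived keys differ, and the server’s Finished MAC fails to verify, which is the check that real hybrid key-exchange designs rely on to make this kind of downgrade visible.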

Clive Robinson March 29, 2025 11:02 AM

@ ResearcherZero, ALL,

There is a key indicator in the 0patch article,

“(reported to Microsoft in January 2024 by security researcher Florian), is still waiting for an official patch so our patches for it are the only ones available.”

Why after a year of a serious vulnerability being publicly known would Microsoft not patch it?

Secondly why are Microsoft forcing everyone onto Win 11 where it’s now become clear,

1, You must have a Microsoft Cloud account that fully identifies you?
2, You must be “On-Line” so Microsoft can forcefully transfer all of your usage information into their cloud as “third party business records”.

As the other major consumer/commercial OS organisations are doing the same…

The time is overdue that people switch out from these “You will do as you are told and like it” organisations for something a little more free.

As I’ve mentioned I still run OS’s from these major organisations that predate the Internet and their “turning to the dark side”.

I also run Micro Controller and similar based systems that are more powerful than *nix servers up to Sys5v4 and are 32bit based.

Yes I’ve had to write BIOS and similar to get C etc up and running on them (or the hardware manufacturers have modded GNU GCC etc tool chain). I really don’t use anything other than the command line and to show my age I’m still happy with a Teletype single line editor for quite a bit of what I need to do.

That’s because of the old maxim about,

“Tools learned before you are forty”

Heck I still use WordStar 4 (DOS) and the likes of Mirror and Borland IDE’s and even the JStar of “Joes Own Editor”(JOE),

https://linux.die.net/man/1/jstar

I’m not saying that a *nix style OS is the way to go, but MS-Dos and MS-Windows via NT “ripped BSD Unix off” so many may have familiarity.

But “walking back out the trap” before they spring the trap-door to “hold you till the slaughter” might be a sensible thing to do whilst you still can.

All I can do is make people aware of their potential impending doom, it’s up to them to act in their own best interests rather than sleepwalk into the trap.
