While it's not my field of research, so i can't comment on the scientific validity, that paper is the best laugh i've had in a while! A+ satire.

> "Finally, we refer to a dog as “a dog” because even the most strenuous mental gymnastics can’t really make it sound like it’s a computer."

Also in the footnotes:

> "We use the UK form “factorise” here in place of the US variants “factorize” or “factor” in order to avoid the 40% tariff on the US term"

Now I'm really wondering how much El Reg is paying in tariffs all the time with its business importing and exporting letters and words.

I grow increasingly convinced that every new development in computing is bullshit. People don't want to advance anything, they just want to find the exciting new buzzword technology or application that will let them be on the ground floor this time and make the big money. It's been going on since the dotcom bubble. Well, since the invention of money, probably, that being human nature, but that's the point where computer tech development seemed to switch focus from solving existing problems to creating "solutions".

Perhaps I'm just getting old and cynical.

> But when n is a 1,024-bit or 2,048-bit number, finding two prime factors requires a tremendous amount of computational power.

Which is why the NSA has more computing power then Twitter, Facebook and Amazon combined.

Parkinson's Third Law of Computing: Encryption can only delay access to information.

Indeed, any electronic based system has an indefinite secure lifetime before mere brute force will rip it apart.

Any sensible 1 bods trying to keep things secret from TLAs will use multiple layers, book code 2 buried in gibberish 3 and then send it via parcel mail as part of the packing for some bit of tat lost in the vast volume of tat flowing from a really big river... Until the TLAs find one part of the chain they can follow and you’re toast.

Physical things requires physical intervention. until scanning gets to the resolution needed for reading a closed book via the microscopic differences in signal return between two different visual appearances.

1 Luckily not that common among fanatics.

2 trawl 2 nd hand bookshops for out of print 1950s pulp, & duplicate

3 see 2 preferably in foreign language

did I hear a helecop...

I’m with you. it seems that there has been almost no genuine innovation or fresh ideas in the computing world (well, certainly in the software world) for decades.

And the “innovation” that there has been seems to have the sole purpose of making money (no surprise there), making everything 1000% more complicated than it used to be (I’m thinking about most of the network and user management tools. Oh, and System Dunce), pointless (let’s make a shiny new “skin” for [add application of choice. And System Dunce]) or just plain shit (anything that MS vomit out. Oh and…).

I appreciate I’m being nostalgic here but the days of Early PCs, Apple IIs, and the countless “home” computers around the same time seemed to show massively more invention and clever thinking than anything else over the last 20 years - they were genuinely exciting times. And all without requiring gigabytes of memory to print “hello world”

Yeah, well, I can netboot a server I’ve never even seen to install a new OS image, whether or not the current one panics on boot. Some things have improved 10X.

I agree with you all the way to the end, where I'd like to add:

it seems now that they are also creating the problems.

They have perhaps discovered the UK's (secret) Economic Policy. That there's more money to be made fighting ghosts in the future machine, by selling solutions to problems which don't yet exist.

Really clever shit........

ALF

Well, yes. If your entire business model is selling ninja repellent, then your business will collapse as soon as people realise there aren't any ninjas. To avert this, there are three paths:

1) Convince people that the repellent is working really well and that's why they haven't seen any ninjas.

2) Convince people that they haven't seen any ninjas because ninjas are extremely stealthy and that's why you need the repellent.

3) Found and train a ninja clan and kill a few doubters to set an example.

However convincing you are, sooner or later 1 and 2 will both lead to your market realising that they're being fooled. By which time you'd better be far, far away. The typical conman recognises this. But many techbros fall for their own scam and believe they actually can make a working product. And when they can't, they have to try creating a problem that it can fix.

Good sir/madam, please have a pint for your japery ==>

I do love a well constructed and artistic piss take of the tech bro stack we're surrounded by now.

As for ninjas, where did I leave my sword, shuriken and sneaky attire????

The UK doesn't have an economic policy. They are just winging it, week to week.

Add to Quantum code breaking, nuclear fission, AI that is really AI and honest politicians.

And yes, we haven't seen much innovation in computing since the blu-ray disk and 3D printer. Everything else has just been a speed/bandwidth bump. We could be using 15 year old computers if GAFA didn't force OS upgrades on us, and for anyone daft enough to subscribe to SaaS webware, 25 year old systems or dumb terminals.

When tech companies get to a certain point, the innovators cash in and put their feet up. They are replaced by off-the-shelf corporate types who want a quiet life and a big bonus. Innovation dies. Companies are led by lawyers. Maintaining the status quo is just easier. Hence we haven't made the next gen shift to distributed systems, where we could have had an entirely new computing revolution.

What we are using now is just getting worse. If anyone out there has a few quid, we could go back to the basics of computing and rebuild - a new OS, simpler and more resilient, legacy file format compatibility for uptake, protection from hacking built in by restricting access to system internals from networks, and none of the walled garden crap that GAFA use as a weapon. There would be a world of innovation and new stuff that we could build, including distributed software, distributed DNS, distributed social media and other services, ad hoc networking, and the like. Clustering on retail systems with plug-in processor boards. Self-adaptive processors.

Wise words, indeed.

Taking forward the theme of corporate sluggishness and complacency after the entrepreneurs have left (e.g. BOEING, Microsoft, Apple, and Intel), suggests rethinking the respective roles of market-capitalism and of public/private ownership.

For instance, Richard Wolff (the prominent Marxist economist), someone to whom I listen with interest, advocates industry and commerce being placed into ownership by workers' co-operatives. I profoundly disagree with that, if it is posed as a blanket solution to many present day ills.

However, I consider it a sensible imposition on companies which have passed their stage of innovative fervour, and now mostly churn out 'widgets' (or software) into well-established markets. The supposed 'democracy' of co-operatives works in that context, despite 'democracy' overall being an agency for maintaining an unimaginative status quo in the interests of powerful, mainly self-seeking, individuals.

Yet, we must look to imaginative entrepreneurs, people willing to place their own skin in the game, to seek new opportunities for productive enterprise; albeit under well-regulated market-economics instead of its debased current ethos enshrined in neoliberalism and the psychotic thinking of the late Ayn Rand.

Taking further the matters raised in your final paragraph, yes, there is the potential for global intellectual/commercial renaissance. A key enabling factor will be the removal of ideas, and the means to further them in practical applications, from walled-gardens: abandon so-called 'intellectual property' (IP) and replace it with entitlement to attribution . The collapse of IP and rentier economics is already in progress: it largely the result of technological advances involving the digital representation of data and their ready access via the Internet. BRICS will hasten the economic revolution. Cottage industries shall replace behemoths, and thrive.

But how are we going to convince people to give us gazzillions of dollars to replace all their existing kit and algorithms if there's no burning platform????

- Anonymous Qbit sales manager

Ask Microsoft - they seem to be managing the replacement requirement very well at the moment.

Scare the shit out of them.

That usually works.

It has since Roman times at least.

ALF

So another paper from the same Peter Gutmann who back in the days already discredited himself by writing papers full of nonsense about Windows Vista, Microsoft's upcoming Windows version at that time.

And he subsequently admitted he did so without even using the specific operating system in question himself, despite it being available at least as public beta version at that time.

I'm sure there is much to criticise with all the claims around quantum computing, but I'm not sure a borderline fraudster is the best person to do this.

Harsh. You may be more familiar with his work than I am, but I found his paper (essay? collection of notes?) on X.509 in practice very useful.

I’m anon because although we recently implemented PQC in a product and we’re hoping for a press release from industry partners fairly soon, so I have a dog on this fight. But I don’t disagree with him.

PQC is fairly easy for an engineer; we found ML-DSA a drop in replacement for RSA or EC, albeit with a much bigger signature size. But it’s not a magic bullet and a lot of the things I would like to focus on are the deeply unsexy parts of crypto; plugging holes in implementation and process. It’s harder, less rewarding but vastly more useful than PQC on the short term and mid term. But we can’t ignore the long term either, so PQC research needs doing too.

But if the adversary is already on the machine, software or hardware, any type of encryption is not going to provide the secrecy you are looking for.

Stenography is the only thing that I have found which actually works, as long as you don't give the recipient the info via eMail or text, etc.

ALF

Whatever use case you have for steganography would probably be fun to describe, but not useful in practice. It’s not going to help you secure comms with your bank or digitally sign a contract.

Stenography or steganography? While hand coded ciphers using a one time pad would evade electronic decoding, it's rather time consuming for long messages. Conversely, I expect that steganography is bandwidth intensive. I guess you could combine the techniques and employ an animation studio to produce your encrypted messages.

Hmmm... Published paper, or AC?

--->

Encryption is reversible obfuscation .

Given enough time, computing power, and patience, a pathway back to the original message (a sequence of binary digits straightforwardly representable as comprehensible text and/or images) will be found. This may take minutes or millennia. Unless the coding method, e.g. RSA public key encryption, is known, or drawn from a set of documented possibilities, each of which may be tried in sequence or on parallel machines, there is no obvious stopping rule for an attempted decryption other than obtaining intelligible text/images. Therefore, 'brute-force' decryption methods, necessary when the underlying logic of encryption is not pre-specified, require step-by-step scrutiny of results until the output is recognisable.

'Brute-force' decryption entails human or algorithmic (e.g. an 'AI') input at every stage or, equivalently, scanning a long sequence of results. Even should clear text emerge, its import may be obscure because the sender of the message could have assumed the recipient had prior knowledge of context and intention.

Also, regardless of the encryption algorithm - public or bespoke - there remains the time period during which the decrypted message retains practical or evidential use. For instance, on the battlefield, transmitted orders may require secrecy for minutes or hours, nothing more when the 'cat is out of the bag'; the fact of an encrypted, but not quickly decipherable, message being intercepted is the only guide for action by its unintended recipients. For other state and for commercial secrets, the essential timescale for secrecy may be longer but, even so, it's not indefinite; that is, unless the reputations of the people deploying secrecy will be at stake: perhaps a political lifespan or two.

These considerations lead to the not often mentioned application of cost-utility and opportunity-cost for individuals and institutions engaged in eavesdropping.

Very well put Long John Silver.

Encryption is useful for a period of time and that is, as your rightly say, variable by application.

Having worked in various scenarios that utilize and require the use of cryptographic tools to secure information or data, the hardest thing to really measure, is the value of the information or data, or the expected loss, or impact, if the data or information was decrypted, therefore providing a scale to measure how far up the scale the chosen crypto standard needs to be.

So, as always in government type applications and scenarios, just whack it up to the top setting, even if the info is only valuable for a few hours.

>> unless the reputations of the people deploying secrecy will be at stake: perhaps a political lifespan or two.

Today's politicians don't have any shame, that's just for us little people, because we're not powerful enough to get away with lies.