* Update - RSA Encryption allegedly broken using Quantum Computing
A significant development in cybersecurity has emerged, as Chinese researchers claim to have broken RSA-2048 encryption using a quantum computer. For context, RSA encryption is fundamental to securing everything from online banking to sensitive government communications. This breakthrough shows the immense potential of quantum computing, which poses a direct threat to current encryption standards, even though quantum computers are still in early development stages.
What Does This Mean for Cybersecurity?
The power of quantum computing lies in its ability to process vast amounts of data in parallel, thanks to qubits. Using Shor's Algorithm, quantum computers can factor large prime numbers—the basis of RSA encryption—exponentially faster than classical computers. RSA’s strength is based on the difficulty of factoring these numbers, a task that would take a classical computer centuries. But a quantum machine can solve this problem in mere hours or even minutes, potentially rendering today’s encryption methods obsolete.
This breakthrough, while still largely theoretical, could drastically alter the security landscape. It particularly raises concerns around password hashes and exploited credentials. Quantum computers could easily break hashed passwords, even those stored with strong encryption techniques, exposing sensitive data from previous breaches. In a world where attackers can access vast amounts of hashed passwords from compromised systems, quantum computing could allow them to decode those hashes at speeds never seen before.
Implications for Businesses
Although quantum computers capable of consistently cracking encryption aren't yet available, the implications for businesses are profound. Current encryption protocols, including those protecting login credentials and sensitive corporate data, may no longer be secure in a post-quantum world. This has serious consequences, particularly for businesses that handle sensitive personal data, financial records, or proprietary information.
What businesses should worry about, beyond encryption, is password security. Even strong password policies might fall short once quantum computing is mainstream. Hashing algorithms, such as SHA-256 or bcrypt, that currently provide robust protection could be swiftly bypassed by quantum systems, leading to mass credential theft.
Preparing for the Post-Quantum Threat
In the future organisations would have to begin transitioning toward quantum-safe cryptography. These are algorithms designed to be secure against quantum attacks. Initiatives such as NIST’s Post-Quantum Cryptography Standardisation aim to introduce cryptographic techniques that can withstand quantum computing threats. Implementing these standards before quantum computing becomes widely accessible will be key to ensuring data remains secure in the future.
领英推荐
Additionally, focusing on multi-factor authentication (MFA), passwordless security options, and zero-trust architectures are short-term strategies businesses can adopt to mitigate risk. These approaches reduce reliance on traditional password-based security, lessening the impact quantum attacks may have on password hashes.
Looking Forward
While this development is a wake-up call, it’s not yet time to panic. The key takeaway for organisations is to stay informed and begin investing in future-proofing their security infrastructure. By adopting quantum-resistant cryptography and improving overall cybersecurity hygiene, businesses can stay one step ahead of these emerging threats.
Update
Recent reports that Chinese researchers had broken the RSA algorithm using quantum computing have been debunked. While the researchers did manage to decrypt 50-bit RSA keys, this is far from the 2048-bit encryption used in modern systems. In fact, a 50-bit key is trivially weak and could even be broken by classical computers, such as a smartphone or old hardware.
The claim centred on using a quantum algorithm, QAOA, combined with classical methods, but experts like Scott Aaronson have noted that the research is highly misleading. The techniques described do not scale effectively to break 2048-bit RSA encryption, and there is no immediate threat to widely-used encryption standards.
The findings serve as a reminder to keep monitoring quantum advancements, but RSA remains secure for now
Enterprise Account Manager at RSA Security
4 个月This is an open source very old encryption RSA no longer uses.
Lead Identity Architect - Americas' Professional Services at RSA Security, LZA, MCP, MCSBS
4 个月They aren’t anywhere close to cracking 2048 keys. The supposed breakthrough announced recently by the Chinese is merely a 50 bit key which can be cracked on normal processors using brute force in seconds. Researchers estimate it will take computers with upwards of 20 million qubits 8 hours to crack a 2048 key. The largest computers today have only 1,000 and these science experiment level devices can only stay in coherence for 1-2ms. We are easily a decade away from serious widespread quantum computing and let’s not even bring up software as programming these beasts represents a entire new frontier in its own right.