-2

With so much raw computing power under hood, we are talking minutes to break even 50 characters passwords with bruteforce attacks in few decades. And two way authentication will probably be a lot weakened (if not destroyed) too.

So what is next for "regular" account security? Fingerprints? Retina scanners? Pattern based passwords?

The Law
  • 97
  • 2
  • 50 character long random password will be resilient for quantum computers. That's why for the API keys and cookies we use now 40-42 characters. – Aria Sep 17 '16 at 12:23

3 Answers3

1

Who says passwords will be totally broken? Passwords are - for a part - saved as secure as their hash is. And yeah sure, some hashing algorithms will be broken.

However, we will be able to make more complex hash functions with which even quantum computers will encounter 'problems'. If you make a hashing algorithm which at least take (for example) one second to finish, even a quantum computer can do one try each second.

How slower the hash, the more secure. We only would need to make - relatively - very slow hashes.

O'Niel
  • 2,740
  • 3
  • 17
  • 28
  • 1
    Passwords are not as secure as their hash is. Or rather, passwords and hashes are as weak as the weaker of the two. A bad hash allows finding the password. A bad password allows finding the password. A bad implementation of security in an application allows finding the password. Security is about finding the weakest link. If a bank installs a titanium vault door in a plasterboard wall, any thieves will go through the wall and not the door. – Mark Ripley Sep 17 '16 at 09:28
  • @MarkRipley I also didn't talked about the password itself. But about how save they're saved. Yet you're right and I edited my post to make it more clear. – O'Niel Sep 17 '16 at 09:43
  • In quantum computing I think more important is the password length than algorithm used. So it won't matter if you hash something million times or not, but what matters is how long the password is. – Aria Sep 17 '16 at 12:25
0

Quantum computing may possibly break current crypto systems so an attacker can read encrypted files/messages. If is also allows reversing current hash functions, this would allow a hacker with a stolen (hashed) password file to easily recover passwords from it.

The effectiveness of two (or more) factor authentication would not be altered, except to the effect that quantum computing weakens the crypto behind one or more of the factors.

The problem with using biometrics for authentication is that if it is possible for an attacker to 'steal' your biometric information, there is no way for you to change it afterward. When your credit card is compromised you get a new credit card number. When your password is stolen you change your password. When your facial information is stolen, I suppose you could perform plastic surgery, but that would be sort of extreme.

I think the future of authentication lies in smart devices that act like keys; you have to have them with you to authenticate, and they need to be stolen to get access to your account(s).

Mark Ripley
  • 657
  • 4
  • 9
-1

Theoretically, we can implement quantum hashing to combat the issue using just 1 qubit. The data stream can be translated into one of infinite states, so long as the algorithm behind it can produce sufficient entropy.

Passwords can't go away. They'll evolve like they always have. We'll be able to process them in better, more secure ways that can't be circumvented. The only real way to combat quantum computing attacks is to use quantum mechanics, so until it's publicly accessible, everyone's at risk. If you like conspiracy theories, the government is working on implementations that not only work, but will break every cryptographic algorithm we use today. There's a page discussing it and the dangers of quantum computing here:

https://www.washingtonpost.com/world/national-security/nsa-seeks-to-build-quantum-computer-that-could-crack-most-types-of-encryption/2014/01/02/8fff297e-7195-11e3-8def-a33011492df2_story.html

Brian
  • 31
  • 3