Jean-Philippe Aumasson - Quantum Computers vs. Computers Security

10/22/15 • -1 min

DEF CON 23 [Audio] Speeches from the Hacker Convention

Materials Available here:https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Phillip-Aumasson-Quantum-Computers-vs-Computers-Security.pdf

Quantum Computers vs. Computers Security
Jean-Philippe Aumasson Principal Cryptographer, Kudelski Security, Switzerland

We've heard about hypothetical quantum computers breaking most of the public-key crypto in use—RSA, elliptic curves, etc.—and we've heard about "post-quantum" systems that resist quantum computers. We also heard about quantum computers' potential to solve other problems considerably faster than classical computers, such as discrete optimization, machine learning, or code verification problems. And we heard about a commercial quantum computer, and we heard vendors of quantum key distribution or quantum random number generators promise us security as solid as the laws of physics. Still, most of us are clueless regarding:

How quantum computers work and why they could solve certain problems faster than classical computers?
What are the actual facts and what is FUD, hype, or journalistic exaggeration?
Could quantum computers help in defending classical computers and networks against intrusions?
Is it worth spending money in post-quantum systems, quantum key distribution, or in purchasing or developing of a quantum computer?
Will usable quantum computers be built in the foreseeable future?
This talk gives honest answers to those questions, based on the latest research, on analyses of the researchers' and vendors' claims, and on a cost-benefit-risk analyses. We'll expose the fundamental principles of quantum computing in a way comprehensible by anyone, and we'll skip the technical details that require math and physics knowledge. Yet after this talk you'll best be able to assess the risk of quantum computers, to debunk misleading claims, and to ask the right questions.

Jean-Philippe (JP) Aumasson is Principal Cryptographer at Kudelski Security, in Switzerland. He is known for designing the cryptographic functions BLAKE, BLAKE2, SipHash, and NORX. He has spoken at conferences such as Black Hat, RSA, and CCC, and initiated the Crypto Coding Standard and the Password Hashing Competition projects. He co-wrote the 2015 book "The Hash Function BLAKE". He is member of the technical advisory board of the Open Crypto Audit Project and of the Underhanded Crypto Contest. JP tweets as @veorq.

Twitter: @veorq

Materials Available here:https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Phillip-Aumasson-Quantum-Computers-vs-Computers-Security.pdf

Quantum Computers vs. Computers Security
Jean-Philippe Aumasson Principal Cryptographer, Kudelski Security, Switzerland

Twitter: @veorq

Previous Episode

Andres Blanco & Andres Gazzoli - 80211 Massive Monitoring

Materials Available here: https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Andres-Blanco-802.11-Massive-Monitoring-UPDATED.pdf

802.11 Massive Monitoring
Andres Blanco Sr Researcher, Core Security
Andres Gazzoli Sr Developer, Core Security

Wireless traffic analysis has been commonplace for quite a while now, frequently used in penetration testing and various areas of research. But what happens when channel hopping just doesn't cut it anymore -- can we monitor all 802.11 channels?

In this presentation we describe the analysis, different approaches and the development of a system to monitor and inject frames using routers running OpenWRT as wireless workers. At the end of this presentation we will release the tool we used to solve this problem.

Andrés Blanco is a researcher at CoreLabs, the research arm of Core Security. His research is mainly focused on wireless, network security and privacy. He has presented at Black Hat USA Arsenal, Hacklu and Ekoparty, and has published several security advisories.

Twitter: @6e726d

Andrés Gazzoli works at Core Security and is part of the Core Impact Pro developer team. He is a C++ developer with extensive experience in UI development. He enjoys everything related to wireless technologies and privacy.

Next Episode

Marte L0ge - Tell me who you are and I will tell you your lock patter

Materials Available here: https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Marte-L0ge-I-will-Tell-you-your-Lock-Pattern-UPDATED.pdf

Tell me who you are and I will tell you your lock pattern
Marte Løge Security Researcher

You are predictable. Your passwords are predictable, and so are your PINs. This fact is being used by the hackers, as well as the agencies watching you. But what about your Android lock patterns? Can who you are reveal what patterns you create?

This presentation will present the result from an analysis of 3400 user-selected patterns. The interesting part is that we collected additional information about the respondents, not just the patterns themselves.

Will being left-handed and having experience with security affect the way you create your lock patterns? There are 389,112 possible patterns. Your full device encryption won't save you if your lock pattern is L - as in "looser".

Marte has just finished her master degree in computer science at the Norwegian University of Technology and Science (...NUTS <3) and has discovered the beauty of security.

She likes passwords and colors, resulting in a special interest in graphical passwords. She is probably the only person that has survived after studying the Android Pattern Lock for a whole year.