Schneier Calls Quantum Cryptography Impressive But Pointless
Posted by timothy from the science-fair-project dept.
KindMind writes "Bruce Schneier writes in Wired that quantum cryptography, while an awesome technology, is actually pointless (that is, of no commercial value). His point is that the science of cryptography is not the weak point, but the other links in the chain (like people, etc.) are where it breaks down."
Of course he does (Score:0, Insightful)
sure... (Score:5, Insightful)
...but as soon as I release my algorithm which factors the products of large prime numbers in log(n) time, they will be begging for quantum crypto.
While I appreciate the spirit of the article... (Score:5, Insightful)
I don't think I need to explain that any further to this crowd.
Re:sure... (Score:2, Insightful)
In reality, it's always going to be the "endpoints" that are the problem. We still cannot even know with 99.999% certainty that a transaction to a remote application came from a specific user. We use bloated software with tens of millions of lines of code. Even the best error rates per thousand lines of code suggest a nearly uncountable number of bugs in any common OS (FOSS included), any of which could open up a channel for an adversary to do anything with data that you could do
Researchers should leave the crypto alone and catch up the end points first. Once we have formally (mathematically) provably secure code running on our machines (on the same level that we can prove that the proverbial "Eve" can't brute force Alice's and Bob's eternal public key crypto), then we can revert to crypto research.
Re:While I appreciate the spirit of the article... (Score:5, Insightful)
You just spent a million dollars on your uber leet super crypto secure link to transmit your highly classified secret data to your home office. You also wrote the key down on a sticky note on the front of the device and left it posted on your monitor that faces a window. You might as well have used the cheapest encryption available because it isn't a math attack that is going to break it, it's stupid user tricks.
Re:Hard to argue with the general point. (Score:5, Insightful)
Re:Hard to argue with the general point. (Score:5, Insightful)
I think your analogy is a little bit off. You've got a front door with a standard lock, a dead-bolt, two chains, and a huge rock sitting behind it for security. Now you're faced with a decision whether or not to upgrade your dead-bolt to a super-duper-heavy-duty-dead-bolt. But, since your wife leaves the garage door wide open 4 days a week and no amount of persuasion will convince her to stop, the decision not to upgrade seems like a no-brainer.
one less cause of defect (Score:2, Insightful)
As far as I know, Switzerland already successfully tested it during last year's elections by transferring voting data from a few selected stations to the voting headquarters. Given all the problems with voting machines, that's a quite obvious area of application. However any data might change after the votes, it was not during that transmission.
Not news (Score:3, Insightful)
Bruce has said this dozens of times before this, and he's right. Quantum Cryptography (or alternatively, Quantum Key Distribution) has no commercial application today, outside of (maybe) a few paranoid and high-security government applications. But the latter can hardly be much of a commercial application, since the existence of a large government market would send a strong signal that governments aren't confident in existing cryptographic algorithms. That would be a bad signal to send.
Furthermore, QKD networks have issues including side channel attacks, where the machinery for transmitting/receiving photons actually leaks information via EM emissions, measurable power consumption, or even sound. In fact, one of the big issues they've had in research networks is that historically the transmission machinery has been noisy as hell.
Re:Hard to argue with the general point. (Score:5, Insightful)
Which is worse: a password that you can remember, or changing passwords every 30/60/90 days to a new password such that you can never keep up, and thus need to write it down *somewhere*?
Sometimes, the very processes intended to make us more secure (by forcing a password change regularly) instead make the entire system less secure (because "I forgot my password" too many times and you'll end up out of a job, so better to write it down than to lose your job!).
Sorry, just griping about new policies at $work.
Re:ummmm (Score:3, Insightful)
Er...
"Bruce Schneier knows the state of Schroedinger's cat?"
Re:sure... (Score:5, Insightful)
Yeah, but in any commercially useful application of the technology, you're going to have computers at each end dealing with the data once it's decrypted.
That's Schneier's whole point really. The weak link isn't actually sending encrypted data, it's dealing with the data at either end of chain. For the data to be useful, it has to be decrypted at some point in time, and the listener's computer has to know how to do the decryption. An attacker isn't going to attack the encrypted data stream. They're going to attack either the source or the listener, and either get the stored decrypted data, or get the stored encrypted data and the necessary info to decrypt it.
If your total communications network consists only of an encrypted communications line, plus a computer on each end, and both of those computers have no other connection to any other sort of network, and also have foolproof physical security, then maybe the encryption line might become the weakest point. But in the real world, computers are generally interconnected with many others, allowing lots of directions to attack from.
Unless someone comes up with some amazing breakthrough that makes factoring very large numbers trivial, there aren't really any practical cases where the encrypted data stream is the likely target of an attack.
Who is they? (Score:5, Insightful)
Quantum encryption seems to fill a very particular niche (point to point communications) and doesn't seem to apply well to common encryption use cases (SSL, email encryption, etc.).
If public key encryption is broken, quantum encryption isn't going to be a good replacement for it for most things.
Re:sure... (Score:5, Insightful)
Taking care of the human and physical security is my business. It's the encryption technology that I can't control / verify. So give me encryption that I can trust and I'll be able to assess my security based on the things that I can control / verify myself. Schneier has no business telling me "your set up is flawed so there's no point in giving you secure encryption." It's for me to judge and all I want is to ensure that no weak links come in from outside my control, i.e. a flawed algorithm or technology.
Re:Hard to argue with the general point. (Score:3, Insightful)
Plus, their power is only predicted to be amazing against our current popular algorithms, if I have to bet of what's easier, coming up with a new algorithm that is not susceptible to quantum computing brute force attacks or making a quantum computer work, my bet is on the former.
Re:Nuclear Subs (Score:3, Insightful)
Re:Nope, he's right... (Score:2, Insightful)
It's ok to develop stuff for a small user base (Score:3, Insightful)
Re:sure... (Score:5, Insightful)
He's basically saying that we've reached or are close to the point of diminishing returns, where advances in cryptology (newer algorithms or quantum crypto) can no longer be justified based on the increase in cost for these advances versus the % of attacks on existing crypto.
Re:sure... (Score:2, Insightful)
It's the encryption technology that I can't control / verify.
First of all, let's define what is being discussed: Bruce is talking about Quantum Cryptography, that is to say, a Quantum Key Distribution System.
Now...let's kick your ignorant ass.
A Quantum Key Distribution system isn't really any more under your control or verifiable by you than one that uses SSL. Both can have flawed implementations; both are probably way beyond your skill set to verify.
So give me encryption that I can trust
A quantum key distribution system is NOT unbreakable encryption. Period. It simply gives you perfect assurance that your encryption keys are given (and hopefully known) only to the person they are intended for.
You still need an encryption algorithm to USE those keys. That algorithm could be the worst one on the planet.
Schneier has no business telling me "your set up is flawed so there's no point in giving you secure encryption."
What he seems to be talking about is relative risk. One of those things I find that people, the media, bloggers and especially you are inordinately bad at evaluating.
Key transmission is not only one of the things we generally don't have to worry about, it doesn't even seem to appear on your list of ignorant gripes...
to wit:
It's for me to judge and all I want is to ensure that no weak links come in from outside my control, i.e. a flawed algorithm or technology.
And QKDS doesn't fix a flawed encryption algorithm or a flawed implementation.
The point of pointless research (Score:3, Insightful)
...is actually pointless (that is, of no commercial value)...
It's an interesting definition of "pointless" he's got there; symptomatic of the ultra-capitalistic mindset that has just been demonstrated to be far from optimal by the current financial crisis. Look at it this way: He is saying that the only thing that matters in the world is whether you can make a profit. This is the ideological basis for such things as the lack of regulations that have brought us the crisis; it is also the reason why making a fast profit has been given priority over long-term financial stability in so many companies, banks not least.
Apart from that - basic research is not pointless, even if there are no short-term profits to be made. Basic research is necessary because we are not able to tell what we are going to need to know in the future - take the early research into quantum mechanics. It was basic research, utterly pointless according to this definition, but we wouldn't have semiconductors today, and thus no PCs nor the endless numbers of electronic gadgets we have now, were it not for that "pointless" research.
It really is time to stop dreaming about "the market" as something magical that will sort everything out for us without requiring us to think and take responsibility.
Re:sure... (Score:2, Insightful)
But as you point out, I'm ignorant and it's beyond my skill set to verify the technical aspects of a security method (I can only verify my configuration of it against my reading)
Let's just go over this slowly, then, so you'll understand.
1. Quantum Cryptography is not encryption, it's key exchange.
2. It does not guarantee that nobody was listening. Only that you will know if somebody was listening. That's why it's only for key exchange. You exchange the key, and if someone was listening, you throw away the key and try again.
3. Once you have a key that nobody else has seen, you use *regular* symmetric encryption (like AES) for the message itself.
Now, given that you can already use AES without Quantum anything, can we do the key exchange part with the guarantee that no one saw the key with simpler technology?
The answer is yes. There exists a method so simple that even an ignorant can understand it. It's called "bringing the key over yourself". Not "having someone bring over the key", because the security of that depends on if you can trust him or not. But bring the key yourself, then you know if you showed the key to anyone on the way.
But but but, you might say. A plane trip across the world just to bring over the key is expensive.
In that case: You missed the part about needing an optic cable from one site to the other. Not an internet connection and a VPN. A dedicated cable. No switches or anything on the way (they would have to listen, just like the attacker, thus breaking everything). What does a cable across the Atlantic cost? A huge lot more than a couple of plane tickets.
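The three numbered steps in the comment above, as an added simulation that is not part of the original thread. It assumes the BB84 protocol, a noise-free channel and an intercept-and-resend listener, none of which the comment names; the function names and the 11% error threshold are assumptions as well.

```python
import random

def measure(bit, prep_basis, meas_basis, rng):
    # Same basis: the prepared bit is read back. Other basis: the outcome is a coin flip.
    return bit if prep_basis == meas_basis else rng.randrange(2)

def sift(n, listener, rng):
    """Send n photons; return Alice's and Bob's bits where their bases matched."""
    alice, bob = [], []
    for _ in range(n):
        bit, a_basis = rng.randrange(2), rng.randrange(2)
        wire_bit, wire_basis = bit, a_basis
        if listener:
            # Assumed intercept-and-resend listener: measures in a random
            # basis and forwards a photon prepared from what it read.
            l_basis = rng.randrange(2)
            wire_bit = measure(wire_bit, wire_basis, l_basis, rng)
            wire_basis = l_basis
        b_basis = rng.randrange(2)
        b_bit = measure(wire_bit, wire_basis, b_basis, rng)
        if a_basis == b_basis:      # bases are compared in public, bits are not
            alice.append(bit)
            bob.append(b_bit)
    return alice, bob

def exchange_key(n, listener, seed, max_qber=0.11):
    """Return (error_rate, key); key is None when the exchange must be redone.
    max_qber is an assumed acceptance threshold, not a value from the thread."""
    rng = random.Random(seed)
    alice, bob = sift(n, listener, rng)
    if len(alice) < 2:
        return 1.0, None            # too few sifted bits to test anything
    # Step 2: sacrifice a random half of the sifted bits to estimate the error rate.
    sample = set(rng.sample(range(len(alice)), len(alice) // 2))
    qber = sum(alice[i] != bob[i] for i in sample) / len(sample)
    if qber > max_qber:
        return qber, None           # someone was listening: throw the key away
    # Step 3: the unrevealed bits become the key for a symmetric cipher such as AES.
    return qber, [alice[i] for i in range(len(alice)) if i not in sample]

if __name__ == "__main__":
    for listener in (False, True):
        qber, key = exchange_key(4000, listener, seed=1)
        print(f"listener={listener} qber={qber:.3f} key_bits={len(key) if key else 0}")
```

The listener guesses the wrong basis half the time, and each wrong guess gives Bob a coin flip, so about a quarter of the compared bits disagree; that error rate is the only signal the two ends get.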