I found this article while keeping an eye on articles linked from Rootsecure.net (kudos), the title immediately struck me as somewhat ludicrous given its phrasing, but I guessed that it probably had to do with quantum cryptography. Fairly regularly I'll see articles floating out on popular security sites about the media's (mis)use of terminology. This is a dead horse; anyone who is mildly involved with the security world knows there is a serious disconnect between "our" use of terminology and the media's use of the same terms. The article I'm focusing on is guilty of misuse of terms, but also misuse of concepts and hilariously bad wording. And, to be fair, I needed to put something else in the statistics/analysis section at Attrition.org.
I do not have a physics degree. My knowledge of quantum cryptography and the physics applied here come from a general interest in that area, Wikipedia and a few industry texts on cryptography. If you're a physicist and I mis-apply any concept please e-mail me and explain, I'm always interested!
The title of this article serves its purpose, it grabs the attention of the reader: "New laser may stop computer hackers". After conferring with my esteemed colleague Dr. Lyger J. Attrition we determined two possible meanings: 1) A new laser, similar in function to Cerebro of X-Men fame, was able to target hackers destroy them or 2) Some kind of laser technology was able to eliminate vectors a nefarious hacker might employ to compromise data. Although we hoped for Patrick Stewart we were rewarded with Jim Varney.
The article begins by saying:
A THEORY first proposed by Albert Einstein 70 years ago has provided the basis for a new electronic "key" that could spell the demise of computer hackers.Aside from the dubious use of the word "demise" as it pertains to the first possible meaning for the article title, the article seems to imply that hacking is simply the interception and possible decryption of data. Obviously no matter which hacker hat you might wear, the craft is much broader than that.
The confusion between "intercepting" and "being hacked" continues throughout the article, eventually culminating in the incorrect ascertation that data transmitted in this manner could not be eavesdropped. This quantum cryptographic method holds that no one can intercept the data without that interception being noticed by any of the legitimate parties. It is my understanding that the interception in effect corrupts the data at the quantum level and any meaning is lost because the quantum representations of the data have been altered. Based on this idea, as a malicious third party I may not be able to decrypt the data but I can prevent meaningful communication from taking place via interception. This attack scenario may not be viable given a practical implementation of quantum cryptography that insures the communication channel.
The article goes on to suggest a questionable interpretation of modern security:
The security of quantum cryptography was guaranteed by the laws of physics where the security of conventional cryptographic methods relied on the complexity of mathematical operations.
Bruce Schneier has suggested that without a revolution in our understanding of physics we can not possess the computational power to decrypt data given a key length of over 1024 bits and a sound encryption algorithm, in any practical amount of time. So in effect, good modern cryptography is also guaranteed by the laws of physics.
Even if the methods mentioned in this article were fully developed and integrated into the every day of future computing, the implementation would still be vulnerable to attack. For example, I can encrypt data using PGP and a 2,048 bit key, make that encrypted data available to the world, and never fear it being decrypted. However, the method I use to implement this encryption may be vulnerable to attack. Does the program I use save sensitive temporary data in an unencrypted format? Can I intercept the unencrypted text on the computer performing the encryption before that process takes place? Where is the private key stored? Is that storage method vulnerable?
The point here is twofold: 1) confusion of terminology continues and 2) there is no silver bullet in encryption or security.