Cipher Issue 94, January 2010, Editor's Letter

Dear Readers,

The plans for the 30th anniversary celebration of the Security and Privacy Symposium this May are well underway, and there will be a gala awards dinner with master of ceremonies Peter Neumann. Registration will open soon, and you can register for the full conference (at the Claremont Resort, as always) or just the awards dinner on May 17, at the Pauley Ballroom on the University of California campus.

I was dismayed to read about the recent practical demonstration of a vulnerability in quantum key distribution. Although the method has limited applicability and is not in widespread use, it had a lustre of unbreakable security founded in physical principles. What a shame to learn that it can also break down in the actual physical world. Engineering scores another triumph over theory. See Richard Austin's review of the "24 Sins", a book devoted to trying to engineer security errors out of software, for more examples of how engineers try to cope with reality, or read any online security news publication to hear about the 0-day exploit used against Microsoft's Internet Explorer in recent days.

The victory of machine over large numbers in the recent factorization of a 768-bit RSA public key modulus is another reminder that our reliance on theory requires constant vigilance of the progress of practical mathematicians. Although 1024-bit moduli are not yet in danger, cryptography remains a delicate balancing act between practice and theory.

Hoping your keys are safe for now,
    Hilarie Orman
    Cipher Editor