NIST is proud to announce the publication of NIST Special Publication
(SP) 800-57, RECOMMENDATION FOR KEY MANAGEMENT, Part 3:
26th Chaos Communication Congress
How you can build an eavesdropper for a quantum cryptosystem
This presentation will show the first experimental implementation of an eavesdropper for quantum cryptosystem. Although quantum cryptography has been proven unconditionally secure, by exploiting physical imperfections (detector vulnerability) we have successfully built an intercept-resend attack and demonstrated eavesdropping under realistic conditions on an installed quantum key distribution line. The actual eavesdropping hardware we have built will be shown during the conference.
Quantum cryptography, as being based on the laws of physics, was claimed to be much more secure than all classical cryptography schemes.(Un)fortunately physical hardware is not beyond of an evil control: We present a successful attack of an existing quantum key distribution system exploiting a photon detector vulnerability which is probably present in all existing devices. Without Alice and Bob losing their faith in their secure communication, we recorded 100% of the supposedly secret key.
Single photon detectors based on passively quenched avalanche photodiodes are used in a number of quantum key distribution experiments. A vulnerability has been found in which these detectors can be temporarily blinded and then forced to produce a click . An attack exploiting this vulnerability against a free-space polarization based quantum cryptosystem [2,3] is feasible. By controlling the polarization of a bright beam the eavesdropper Eve can force any detector of her choice to fire in the legitimate receiver Bob, such that she gets a full control of it without introducing additional errors. This allows Eve to run an intercept-resend attack without getting caught, and obtain a full copy of the transmitted secret key. We have fully demonstrated this attack under realistic conditions on an installed fiber optic quantum key distribution system. The system uses polarization encoding over 290 m of optical fiber spanning four buildings. A complete eavesdropper has been built, inserted at a mid-way point in the fiber line, and 100% of the secret key information has been recorded. Under attack, no significant changes in the system operating parameters have been observed by the legitimate users, which have happily continued to generate their 'secret' key.
 V. Makarov, New J. Phys. 11, 065003 (2009).
Ars Technica, RSA Challenge Modulus, 768 Bits, Factored , by John Timmer, January 10, 2010
Using some new advances in practical factoring methods, an international team has factored a 768-bit challenge number, and that is typical in public key cryptography. The team published a technical report explaining their work.
The BBC News article reports that a serious flaw in Microsoft's
Internet Explorer has been utiliized in attacks against Google's
GMail, and especially against Chinese dissidents. Because there is as
yet no patch for the problem, the German government issued a statement
advising its citizens to find alternative browsers.
German government warns against using Microsoft Interent Explorer
By Daniel Emery
Technology Reporter, BBC News
The BBC News article reports that a serious flaw in Microsoft's Internet Explorer has been utiliized in attacks against Google's GMail, and especially against Chinese dissidents. Because there is as yet no patch for the problem, the German government issued a statement advising its citizens to find alternative browsers.