“How Peter Shor’s Algorithm Dooms RSA Encryption to Failure”

Shor’s algorithm describes how to factor the product of pairs of very large prime numbers. The catch is that Shor’s algorithm requires a quantum computer to run on and while quantum computers do exist today, there aren’t any that are powerful enough to run Shor’s algorithm on the products of prime numbers which are big enough to be ‘interesting’.

Experts predict that there will be quantum computers sometime in the next couple of decades that should be able to run Shor’s algorithm on the products of very large (i.e. ‘interesting’) prime numbers.

Sidebar: If I have two very large prime numbers A and B then it is fairly easy to multiply them together to get a considerably larger number C. If I then give you C but don’t tell you the values of A and B that were multiplied together to get C then figuring out the values of A and B gets crazy difficult if A and B are large enough. Shor’s algorithm is able to figure out what the values of A and B are even if A and B are very large.

BTW, most modern encryption relies on the assumption that if A and B are prime and large enough and then it is extremely difficult to figure out the values of A and B if one only has the product of A and B.


“Hospital viruses: Fake cancerous nodes in CT scans, created by malware, trick radiologists”

Computer security researchers have developed proof-of-concept malware that can add fake lung cancer tumours to or remove real cancer tumours from CT scans. In a blind study, scans of healthy ‘patients’ in which fake tumours had been added fooled skilled radiologists 99% of the time and scans of real patients in which real tumours had been removed fooled the same radiologists 94% of the time. Even after the radiologists had been told that a new set of scans had been falsified, they still misinterpreted the scans 87% of the time.

The researchers were also able to gain sufficient access to a number of hospitals’ network equipment to be able to insert the malware in points in the network such that CT scans could be falsified before any radiologist saw the scan (in many hospitals, the relevant networks are directly or indirectly accessible from the Internet such that physical access to network equipment is almost certainly not necessary).

A Washington Post article describing the attack can be found at https://www.washingtonpost.com/technology/2019/04/03/hospital-viruses-fake-cancerous-nodes-ct-scans-created-by-malware-trick-radiologists/

A pre-print of a formal paper describing the attack can be found at https://arxiv.org/abs/1901.03597

“Microsoft admits expiring-password rules are useless”

Computer security professionals have argued against password expiration rules for a very long time. The problem with such rules is that they result in users picking weak passwords, or writing down their passwords, or having a list of say five passwords that they cycle through over time.