> in fact hashes remain secure under quantum computing.

Hashes will see their security cut in half, in terms of the effort needed to find a pre-image. (EDIT: security in bits = log of #evaluations needed)

E.g. finding a SHA256 pre-image, which amounts to a search over a space of 2^256 candidates, can be sped up using Grover's algorithm, to roughly 2^128 hash evaluations.




That's not half. It's the square root of n. By cutting effort in half of 2^n you get only 2^(n-1).


The effective number of bits of entropy is cut in half.


Well, he said "in terms of the effort needed to find a pre-image". For that, the effort won't be half.


That's true, but it's easy to fix by using longer hashes (e.g. SHA-512). RSA and ECC are broken beyond hope.
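
The scaling argued over in this thread, as an added example that is not part of any comment: a classical state-vector simulation of Grover's search against SHA-256 truncated to a few bits, next to plain brute force. The names `toy_hash`, `grover_preimage` and `compare`, the 12-bit truncation and the secret input are assumptions constructed for illustration.

```python
import hashlib
import math

def toy_hash(x: int, bits: int) -> int:
    """SHA-256 truncated to `bits` bits: a constructed toy target, small enough to simulate."""
    digest = hashlib.sha256(x.to_bytes(4, "big")).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)

def classical_preimage(target: int, bits: int):
    """Brute force: returns (preimage, hash evaluations used)."""
    for calls, x in enumerate(range(1 << bits), start=1):
        if toy_hash(x, bits) == target:
            return x, calls
    return None, 1 << bits

def grover_preimage(target: int, bits: int):
    """State-vector simulation of Grover's search over all `bits`-bit inputs.
    Returns (most likely measurement, success probability, oracle calls)."""
    n = 1 << bits
    # The simulator may peek at the marked set; a real oracle only flips their phase.
    marked = [x for x in range(n) if toy_hash(x, bits) == target]
    if not marked:
        return None, 0.0, 0
    theta = math.asin(math.sqrt(len(marked) / n))
    iterations = int(math.pi / (4 * theta))      # ~ (pi/4) * sqrt(N / M)
    amp = [1 / math.sqrt(n)] * n                 # uniform superposition
    for _ in range(iterations):
        for x in marked:                         # oracle: phase-flip preimages
            amp[x] = -amp[x]
        mean = sum(amp) / n                      # diffusion: invert about the mean
        amp = [2 * mean - a for a in amp]
    p_success = sum(amp[x] ** 2 for x in marked)
    best = max(range(n), key=lambda x: amp[x] ** 2)
    return best, p_success, iterations

def compare(bits: int = 12, secret: int = 0xABC):
    """Run both searches against the hash of a constructed secret input."""
    target = toy_hash(secret, bits)
    _, classical_calls = classical_preimage(target, bits)
    found, p, quantum_calls = grover_preimage(target, bits)
    return {"bits": bits, "classical_calls": classical_calls,
            "grover_calls": quantum_calls, "p_success": p,
            "grover_hit": toy_hash(found, bits) == target}

if __name__ == "__main__":
    print(compare())
```

For a 12-bit output the search space is 2^12 = 4096 inputs, while the Grover loop runs at most about (π/4)·2^6 ≈ 50 oracle calls; doubling `bits` squares the classical space but only doubles the exponent of the Grover count.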



