About The Authentication Avalanche
I recently added some details about authentication in the Threat Briefing section, “The Authentication Avalanche.” Previously, I included Harvest Now, Decrypt Later, and Cryptocurrency Security. Both of those are substantive — loss of secrecy and privacy from HNDL attacks, and billions of dollars of assets are at risk in crypto. But, the Authentication issue seems to be more concerning.
When we use the internet we often sign in to services. That’s how most of us commonly think of the scope of authentication and security. But, systems on public and private networks often communicate with each other without any human intervention. They do that securely by using credentials. Those credentials are based on cryptography that is susceptible to quantum attacks. And, there are billions of credentials suscpeptible to quantum attacks.
These are systems which run the internet, run manufacturing, run healthcare, and so on. The scale is truly daunting.
There are discussions about this, but how much is being done about it? Our research shows that Cisco is well aware of this and making necessary changes. But, we have not found other players in industry to be responding similarly. This lagging response is very concerning, and I hope that there’s more going on behind the scenes than appears in the public domain. Godspeed.