I understand the concept of 'trying all possibilities at once' but can anyone explain this with respect to the fact that my PC only accepts one password at a time? There's no input field that accepts all these possibilities and the same goes for the passphrase field in encryption... Why should we be afraid of quantum computers while being on conventional computer systems?
2 Answers
Well, the best answer I can think of is by referring you to Scott Aaronson's wonderful blog.
Quoting the very header of the blog:
If you take just one piece of information from this blog: Quantum computers would not solve hard search problems instantaneously by simply trying all the possible solutions at once.
So no, a quantum computer would not try to input all passwords simultaneously to the password checker: as you correctly guessed, this would be nonsense. But a quantum computer can still use the intriguing properties of quantum mechanics to perform some computations which we have no idea how to do using a classical computer, such as using Shor's algorithm to factor a big number in polynomial time, which allows, for example, breaking the RSA cryptosystem. So, if you are on a conventional computer system, you encrypt your password (or any other sensitive data) with RSA, and send it over the network, then you should be afraid if there are (scalable, etc.) quantum computers available, for anyone with such a computer will just break the ciphertext in a short amount of time, recovering the sensitive information you had hidden inside. If the password is kept locally and an adversary tries to guess it to log in to some service, then a quantum computer will not help him.
Considering quantum computing to break passwords in the online setup would be nonsense. In that setup, passwords are sent to a classical system testing the password. That seems to be the question's scenario.
In the offline setup, the information that allows testing if a password is accepted or not is assumed to have leaked to the attacker (e.g. because the file or database holding password hashes has leaked). Finding the password is a combinatorial problem, and it can't be summarily dismissed that quantum computing could help. With many ifs, it could be that breaking a password requires $O(2^k)$ work for a classical computer, but $O(2^{k/2})$ for a quantum computer, and that it makes the difference between infeasible and feasible. For example, a quantum computer conceivably could help find a password with a given MD5 (a 128-bit hash which used to be a common way to hash passwords), even if the password was very complex (20 letters/digits). However
- Today's quantum computers are of no help at solving the kind of exact problems involved in symmetric cryptography, including reversing hashes like MD5. It remains hypothetical that this will ever improve markedly. This issue plagues the quantum computer claiming quantum supremacy, which really is only good at some narrow class of problems tolerating approximation, and whose supremacy even at that is disputed.
- Modern password hashes are deeply iterative, some using large memory states, and it is even more hypothetical that quantum computers will become useful in attacking that.
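To put numbers on the $O(2^k)$ versus $O(2^{k/2})$ comparison in the second answer, here is an added example (not part of either answer) that estimates the work, in bits, of an offline password search classically and under a square-root speedup. It assumes the speedup is Grover's search, which needs about $(\pi/4)\sqrt{N}$ evaluations of the hash over a space of $N$ candidates; the answer itself does not name the algorithm. It also assumes that each evaluation of an iterated password hash costs proportionally more, which is the simplest way to model the "deeply iterative" point; the function and scenario names are mine.

```python
import math

# Assumed cost model (not from the page): work is counted in hash
# evaluations, and an iterated hash costs `iterations` times a plain one.

def password_entropy_bits(alphabet_size: int, length: int) -> float:
    """Bits of entropy for a uniformly random password of `length` symbols."""
    return length * math.log2(alphabet_size)


def classical_work_bits(entropy_bits: float, iterations: int = 1) -> float:
    """log2 of expected classical work: ~2^(k-1) guesses, each costing `iterations`."""
    return entropy_bits - 1 + math.log2(iterations)


def grover_work_bits(entropy_bits: float, iterations: int = 1) -> float:
    """log2 of Grover work: ~(pi/4) * 2^(k/2) oracle queries, each evaluating
    the full iterated hash, so iteration count is NOT square-rooted."""
    return entropy_bits / 2 + math.log2(math.pi / 4) + math.log2(iterations)


def margin_report(alphabet_size: int, length: int, iterations: int = 1) -> dict:
    """Summarise classical vs quantum work for one password/hash scenario."""
    k = password_entropy_bits(alphabet_size, length)
    return {
        "entropy_bits": round(k, 2),
        "classical_bits": round(classical_work_bits(k, iterations), 2),
        "grover_bits": round(grover_work_bits(k, iterations), 2),
    }


if __name__ == "__main__":
    # Constructed scenarios: 62 = letters + digits, as in the answer's
    # "20 letters/digits" MD5 example; 2**20 iterations stands in for a
    # slow password hash (illustrative value, not a recommendation).
    for name, args in {
        "8 alnum chars, MD5 (1 iteration)": (62, 8, 1),
        "20 alnum chars, MD5 (1 iteration)": (62, 20, 1),
        "20 alnum chars, 2^20-iteration hash": (62, 20, 2 ** 20),
    }.items():
        print(name, margin_report(*args))
```

The take-away matches the answer: a 20-character alphanumeric password behind plain MD5 drops from roughly 118 bits of classical work to about 59 bits under Grover, which is the kind of shift that can move a search from infeasible to feasible, while every bit of iteration cost in the hash is paid in full by the quantum searcher too, so a slow, iterated hash widens the margin again. The model ignores the large constant overheads of running a hash reversibly on a quantum circuit, so it is an upper bound on the attacker's advantage, not a prediction.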