by fi358 592 days ago
As far as I know, they still need classical encryption methods (with something like a shared secret key or public key for authentication) to detect active man-in-the-middle attacks, where the attacker prevents the parties from connecting to each other and then pretends to both parties to be the other party by creating his own "messages" as if they came from the other party. Or at least to have some kind of additional trusted physical medium where it is impossible to prevent the parties communicating directly, capturing their "messages" and then sending your own modified "messages" instead -- perhaps based on some kind of timing etc.

And if you still have to rely on classical encryption methods to make sure you know the identity of the other party (to prevent an active man-in-the-middle attack), why not just use classical encryption methods for everything else as well, instead of using quantum key distribution?

1 comments

You don't need "classical encryption" for quantum key distribution. With QKD you can provably detect if a MITM attack happened. With classical methods you can never be 100% sure, although how much of that matters in practice is another question.
> You don't need "classical encryption" for quantum key distribution. With QKD you can provably detect if a MITM attack happened.

This is incorrect. QKD can detect passive MITM only. It cannot detect an active MITM.

Which is the main reason it's overhyped, since as cool as QKD is, you still need active MITM prevention, so you have to rely on classical crypto anyways.
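
An added example, not code from any commenter in this thread: a classical toy simulation of BB84 that contrasts an eavesdropper who measures and resends qubits (visible as roughly 25% errors in the sifted key) with a relay who runs a separate session with each party (zero errors on either link). HMAC with a constructed pre-shared key stands in for whatever authentication the classical channel would use; all function names are hypothetical.

```python
import hashlib
import hmac
import random

def bb84(n, rng, tap=None):
    """Toy BB84 run: returns (sender_key, receiver_key, receiver_bases)."""
    s_key, r_key, r_bases = [], [], []
    for _ in range(n):
        bit, s_basis, r_basis = (rng.randrange(2) for _ in range(3))
        q_bit, q_basis = tap(bit, s_basis) if tap else (bit, s_basis)
        # Measuring in the wrong basis yields a random outcome.
        r_bit = q_bit if r_basis == q_basis else rng.randrange(2)
        r_bases.append(r_basis)
        if s_basis == r_basis:  # sifting: keep rounds where bases match
            s_key.append(bit)
            r_key.append(r_bit)
    return s_key, r_key, bytes(r_bases)

def qber(k1, k2):
    # Error rate the two endpoints observe when comparing sifted bits.
    return sum(a != b for a, b in zip(k1, k2)) / len(k1)

def eavesdropper(rng):
    def tap(bit, basis):
        e_basis = rng.randrange(2)
        e_bit = bit if e_basis == basis else rng.randrange(2)
        return e_bit, e_basis  # qubit is resent in the eavesdropper's basis
    return tap

def tag(psk, msg):
    return hmac.new(psk, msg, hashlib.sha256).digest()

def demo(n=4000, seed=1):
    rng = random.Random(seed)
    psk = b"constructed pre-shared key"  # assumption: known to Alice and Bob only
    # 1) Measure-and-resend on the quantum channel: errors appear.
    a, b, _ = bb84(n, rng, eavesdropper(rng))
    passive = qber(a, b)
    # 2) Relay terminates both links: each link is an honest BB84 run.
    a, m1, m_bases = bb84(n, rng)  # Alice <-> relay posing as Bob
    m2, b, _ = bb84(n, rng)        # relay posing as Alice <-> Bob
    link_qber = max(qber(a, m1), qber(m2, b))
    # 3) Authenticated classical channel: the relay cannot tag its bases.
    forged = tag(b"relay guess", m_bases)
    accepted = hmac.compare_digest(forged, tag(psk, m_bases))
    return passive, link_qber, accepted

if __name__ == "__main__":
    print(demo())
```

The error-rate check alone passes in case 2 because each endpoint compares bits with the relay, not with the other endpoint; only the tag verification in case 3 rejects the session.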