Re: Are natural languages secure ciphers?
From: Paul Schlyter (pausch_at_saaf.se)
Date: Wed, 8 Oct 2003 20:50:36 +0000 (UTC)
In article <email@example.com>,
Mxsmanic <firstname.lastname@example.org> wrote:
> Bill Unruh writes:
>> Thus any sensible crypto system MUST take into account
>> "couriers being robbed", spies, etc.
> And that has been done, and in those cases the one-time pad was used
So has the Caesar cipher, and Rot-13....
> with complete security.
Is it "complete security" if it works SOMETIMES ??? Is that all you
require? Boy, you surely don't require much of security, do you?
With such weak requirements, you would consider even the simplest
cipher "100% secure" -- after all it has worked sometimes! <g>
>> The difficulty of key transfer and schedule is precisely why a one time
>> pad is almost always useless, and also makes it one of the least secure
> It is the _most_ secure cryptosystem, but it is among the _least_
> practical. Two different characteristics.
Thus in real life it's the least secure. Impractical cryptosystems
aren't used, not because of laziness but because of the risk the
>> So, if it does not work in 1% of cases, this makes it about on par with
>> rot 13 as far as a secure system is concerned.
> Very few situations require total security. Those that do often also
> justify special measures to ensure that the implementation of a
> totally-secure one-time pad actually remains that way.
>> "Most cases" is not a great advertisement for a crypto system.
> Nobody is trying to sell one-time pads.
Haven't you checked the Web? Do a web search for "One time pad" and
you may be surprised! Or read Bruce Schneier's free e-periodical
"Cryptogram" (also posted at his web site http://www.counterpane.com)
and read the column "The Dog House" -- there he's mentioned numerous
"one time pads" people have been trying to sell.
> However, most crypto-aware people realize that one-time pads are
> 100% secure, so if 100% security is required, so is a one-time pad.
It's 100% secure only in a narrow theoretical sense. In real life
the one-time pad is often less secure than other cryptos, due to the
practical difficulties of distributing those keys and ensure people
never re-use them. A real world crypto system cannot just naively
trust that people follow the rules - it must force people to follow
the rules. No enforcement ==> no security.
-- ---------------------------------------------------------------- Paul Schlyter, Grev Turegatan 40, SE-114 38 Stockholm, SWEDEN e-mail: pausch at stockholm dot bostream dot se WWW: http://www.stjarnhimlen.se/ http://home.tiscali.se/pausch/