Re: One-Time Pads [was: Re: Help: Randomizing a List of Numbers]

From: Bill Emerson (no_at_one.home)
Date: 07/21/04 

Date: 21 Jul 2004 19:45:59 GMT

In sci.crypt, Tim Smith wrote:
> On 2004-07-20, Bill Emerson <no@one.home> wrote:
>> You generate list of random numbers or strings and then encrypt a message
>> using one of those strings/numbers for each character as it comes and
>> never repeat the use of one of those strings then throw away the key.
>>
>> Is that right?
>
> Right.
>
>> Completely unbreakable (???)
>
> Under certain assumptions. First, that it is used correctly (e.g., you
> really do throw away the pad as soon as you use it). Second, that your
> random key is indeed random.
>

That random factor seems to be the problem here, all right.

>> My solution to the insecurity of the internet is to send private
>> communications in a letter hidden inside a package via parcel post.
>>
>> I just don't trust PGP or SSH or any of those other encryption schemes.
>
> PGP is orders of magnitude more secure against a determined adversary than
> letters hidden inside a package sent via parcel post.
>
> ...

Unless the packages are sent from a distant post office (relatively) to
a post office box that is relatively distant from who you are sending it
to and rented under a false name, etc...

>> You sure could fit a lot of them on a CD.
>
> Yes. Many people overestimate how rapidly the key would be used, and so
> think distributing CDs would be a nightmare, but I think they are way off.
>
> Checking my home machine, I see the following:
>
> Uptime: 7 days, 6 hours
> Traffic on eth0: received 274 Mbytes, sent 196 Mbytes
>
> For my machine at the office:
>
> Uptime: 14 days, 22 hours
> Traffic on eth0: received 376 Mbytes, sent 75 Mbytes
>
> Based on those numbers, and my guess as to how much of that traffic was
> between my home and work, if I were to use a one-time pad to encrypt traffic
> between home and work, one CD a month would easily cover it. One DVD would
> probably cover a whole year.
>
> A CD a month, or even a CD a week, would not be a distribution nightmare.
>
> --
> --Tim Smith

Good! Cleared that up.

Thanks Tim. A lot.

I have really gotten sidetracked by this otp thing, but it's a better
project than a stupid game, by far. Extremely interesting world you
have here.

Bill

Relevant Pages

  • Re: Cryptographic protocols, again
    ... decrypted (to prove that I really did encrypt all thirty-six dice rolls). ... Server picks from a random set of strings ... Encrypt the 36 strings with your own private key AND ...
    (rec.games.backgammon)
  • Re: Cross platform password string encryption
    ... few people use Delphi or C# compared to C ... The consuming code doesn't use the library code in the right way. ... a raw key directly to the encrypt routine. ... The consuming code is trying to pass strings to the routines and ...
    (sci.crypt)
  • Re: One-Time Pads [was: Re: Help: Randomizing a List of Numbers]
    ... > never repeat the use of one of those strings then throw away the key. ... Checking my home machine, I see the following: ... if I were to use a one-time pad to encrypt traffic ... A CD a month, or even a CD a week, would not be a distribution nightmare. ...
    (sci.crypt)
  • Re: Newbie data size encryption questions
    ... amount of data that I can encrypt without the system being insecure? ... For example, if i wanted to encrypts strings of say 5 or 10 characters, ... bytes for AES] and other modes like CTR would need an IV. ...
    (sci.crypt)
  • Re: Linux System Users Login/Password?
    ... So far I've managed to pull all of the shadow password strings out and into a database, but is there any way of 'matching' the encrypted strings if you are given the plain text version, like with md5? ... PHP has a function named 'crypt' that will encrypt strings in the same way the password is encrypted into the password file. ... Do you really want to pull all the shadow entries into a database? ...
    (comp.lang.php)
Loading