Re: Erasing an OTP file on a SD card.
From: Cesar Bremer Pinheiro (cesarbremer_at_raseac.com.br)
Date: 07/29/04
- Next message: Gregory G Rose: "Re: Erasing an OTP file on a SD card."
- Previous message: Arthur J. O'Dwyer: "Re: Test decryption"
- In reply to: Giorgio: "Re: Erasing an OTP file on a SD card."
- Next in thread: Giorgio: "Re: Erasing an OTP file on a SD card."
- Reply: Giorgio: "Re: Erasing an OTP file on a SD card."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 29 Jul 2004 10:03:19 -0700
giorgio@bignami.zzn.com (Giorgio) wrote in message news:<a437708a.0407290117.78037fc8@posting.google.com>...
> cesarbremer@raseac.com.br (Cesar Bremer Pinheiro) wrote in message news:<4c3656f.0407281116.1de1b935@posting.google.com>...
> > We have clients that don't want to rely only in Rijndael to their
> > protection. I will ask you, why do not allow our clients to have OTP
> > security?
> ...
> > The security have a price, we have clients asking for OTP.
> You must think that in real world you are using crittosystems and that
> algoritms are only a single element of it; the whole system is as weak
> as the weakest element.
> With OTP, you can be sure taht the algorithm is provably unbreakable
> but since is required the excange of a pad as big as the message, all
> the other steps of the system become most difficult to be keept secure
> than when you are using other systems. That doesn't mean that security
> of the whole system is not a problem for the implementation of other
> cypher, it only means that OTP must manage bigger problems.
> Like Bruce Schneier says in Crypto-Gram it's worthless to make any
> element of the system overkilling if there are simpler solution for
> the attacker, it will be like sticking a 50 ft poole to make a
> palisade wall when all other pole are shorter and weaker, the attacher
> will simply sidestep and avoid the strongest poole.
> With many good cryptosystem you can calculate what would be the work
> needed to break it (or the best way known), with OTP you excange this
> problem with: how strong is the pad excange system? Can i
> realistically calculate if it's higher or lower than the difficulty in
> breaking ather crittosystems? Can i calculate how difficult is to
> overcome guards or reverse engineer hardcored protections? How much
> does it costs? Can i prove that it will be reasonably secure under any
> circumstances or in the very most of the cases?
> I think it's very difficult to calculate and proof the security of
> such kind of system; the system will be as sure as you can make sure
> (in the real world at the cost that you can afford) to keep the pad
> secure, the whole system would never be practically unbreakable as the
> algorithm so the customer will never have the theorical OTP security,
> but only the security of the weakest element of the practical
> OTP-implementation.
> The customer should really be warned about it, they are however using
> an OTP-implementation, wich have weaker steps than the unbreakable OTP
> algorithm, and that means that it's strong as the weakest element.
>
> > I donn't know your technical
> > backgroung, but implemment OTP is a very easy task.
> > And abut our OTP implementation. You will be able to test-it in an
> > easy way, you will have the opportunity to change the OTP file and
> > hear the sound.
> It's very easy to make a routine that xor sources of data... but one
> must com form a real rng, and the rng device should be tested to
> beeing properly working in the given parameters (not testing the
> output, since if the output is real random it can be anything). More,
> you must be sure that the rng is based on a really non deterministic
> dynamic and you should be able to test that it's not tampered by an
> attacker before you use it. (it's part of the olistic security needed
> in a real OTP implementation)
>
> > We erase all used data after each session, in both handhelds, and our
> > OTP routine checks if we are reading null data.
> As said, secure deletion is quite difficult, there are physical means
> to recover old states of many kind of memories. Also this element of
> the implementation, if difficult, is not impossible. You should well
> know how the device works at a very low level and keep you secure
> deletion routine updated with advancements in data recovery.
> Like said, the cost for the overkilling security of the algorithm
> element of the system, in the case of OTP, reflects vary badly over
> other elements, that may become potentially weaker (and certainly are
> more unpredictable) than the security provided by other cryptosystems.
> I hope to have been useful in the thread.
> Giogio
Thank you for your reply.
I agree with you. I implemented One Time Pad under AES 256 bits CBC
random IV, this is an option to the user, only works under the
symmetric encryption. In our system you can't use OTP alone.
About erasing SDCard: In our case, if our client is worried against
attackers recovering erased data in a SDCard, i think he have a very
important information inside the SDCard to be protected, and enough
money to destroy the SDCard after using it.
And about OTP Random data generators. We have a lot of good random
data generators today in the market, i don't see problems using one of
them.
Cesar.
- Next message: Gregory G Rose: "Re: Erasing an OTP file on a SD card."
- Previous message: Arthur J. O'Dwyer: "Re: Test decryption"
- In reply to: Giorgio: "Re: Erasing an OTP file on a SD card."
- Next in thread: Giorgio: "Re: Erasing an OTP file on a SD card."
- Reply: Giorgio: "Re: Erasing an OTP file on a SD card."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
