Re: Bruce Schneier Gets It Wrong



John Savard wrote:
At least, if the report on his comments in _The Register_ is accurate.

Two Japanese scientists have proposed that the random signals from
quasars be used for encryption, since they are genuinely random, and not
algorithmically pseudo-random.

Bruce Schneier referred to that as a "brand-new idea", and asked why
people would trust something untested.

It's a *bad* idea, all right, but I wouldn't call it *new*.

In fact, it's just a very slightly modified version of a one-time pad
fallacy as old as the hills. The idea that one could have the security
of a one-time pad if one used a *public* source of randomness...

How do you know? How do you know this isn't, say, a scheme intended to be
secure in the bounded-security model, or a variation on hyper-encryption,
or something like this? I think it's a little early to make assumptions
about what they're proposing based on a press release; we don't really
know what their scheme is.

It's probably still not very important in practice, because crypto is
rarely the weak link in today's systems, because today's crypto schemes
are pretty good, and because you'd have to be crazy to use a new untested
scheme when existing standard schemes have seen a lot more scrutiny.
But I think it's too early to conclude that this is a straightforward
one-time pad.

By the way, I don't understand what you think Bruce Schneier got wrong.
I find myself in complete agreement with his remarks.
.