Re: Encryption key longer than text to encrypt

Hi,

It's not so much that I harbour some irrational belief in the invalidity
of the proof, sorry if I gave such an impression. I have read the commonly
available explanation of its impenetrability before and it wasn't good
enough for me then. I see a number of serious problems. One point
is that any intercepted cryptogram by its very nature gives away the time of
the communication and an upper bound for the length of the plaintext.
By definition, at least, you need a layer of concealment to go from, presumably
99.9% secrecy to 100% because of this. But this is something quite obvious
and in normal use does not give very much information to the attacker.

You are burbling. Does an OTP protect you against meteorite hits? No.

The rules of the game are: Given the encrypted text, can you from that
alone determine the plaintext? Or given 10^5 encrypted texts can you
determine the plaintexts? An OTP guarantees that with that information
alone one cannot determine the plaintext []

Hello,

How can OTP _guarantee_ this if it gives no process to follow to accomplish
this aim?

There are less obvious problems, the worst of all being that this proof
is nowhere near enough for me to build an OTP system with the assurance
of 100% (or close) secrecy. For that I would need something much more

Maybe not. But that may say more about you than about an OTP. The most
detailed plans of an F16 would not be near enough for me to build an F16.
That does not necessarily mean that there is something wrong with the
plans.

The Chinese have a saying and it goes "A tiger partly drawn is a dog".



solid and I've got an idea that it may be of similar difficulty to finding
a UFO.....

Solid? UFO?



If a top chess player is winning consistently against everyone because
they are employing a new methodology that nobody had worked out before, do
they publish it? Well, in chess it is possible because the amount of
money you can earn from selling a few thousand books is probably more
than what you can earn from prize money in this game. But in the security
domain I think the situation is quite different. Publishing has an
effect on everyone else in the sector and then all the clients of
the technology, and maybe some of them are quite unhappy if that technology
suddenly fails with a crashing sound so,... so it is quite possible you
can make much more money by keeping it (semi)secret hehehe :)

And this is relevant how?


For the first thing you said that nobody knows the answer or even how to
phrase the question. What various sets of people know is an issue in
security.

If an adversary knows what time a communication is made between A and B
they know some information. Without even knowing what the specific
security situation is we can say a priori that the adversary knows the
communication cannot be an order which has been acted upon BEFORE the
communication took place.

If an adversary knows over what lines a communication was made they
know where they might try to intercept it. Because interception is
a physical process and if they didn't know where the line was, well hey,
they'll probably not have very much success intercepting it.

If an adversary knows the details of what your process is to securely
put A in communication with B.... if they don't know..... *cough*


What do you do about the locale problem?

I do not have one.


(possibly a scene from blakes7 :)

- Can you tell me why our cipher machines are allowing our
enemies to read all of our communications, with no effort at all?

- Madam, it cannot be a problem with the technology. The machines
are perfect.

- Well that does not explain the fact that all of our communications
can be read with no decoding effort at all! Your confounded machines
are sending our data with no encipherment at all, let alone the
rebels, even our service scouts can listen to top secret classified
broadcasts as if they were tuning into some entertainment channel!

- Madam, may I state again clearly the machines are very advanced technology
and it is impossible for them to fail. They use a true random number
generator module that has been developed over a period of some 50,000
years by the Averex co-operation on planet 9. Random numbers are really
quite strange things Ma'am, if we throw a dice 1,000 times we do not
expect to get 1,000 sixes but with truly random numbers this actually
happens sometimes. Sometimes it even happens for 1 million times or
more. What we are seeing here is what we call a "locale hit".

- Why am I surrounded by complete buffoons! It matters not to me what
peculiar properties may abound in the machines we have contracted
from you, it matters not to me what theoretical delinquencies happen
to appropriate themselves in the annals of cryptography, it matters
simply to me, young man, that our top secret communications are not
read by our enemies or in fact by anyone except those who are the
authorized recipients. And *your* cipher machines are not fulfilling
this aim. Guards! Take this *fool* away ....

And likewise, a truly random machine would not sell because of this problem;
of course, the assurance that because we happened to have a sequence of 2 million
zeros means nothing about what happens next is not going to wear well because
of human "common sense".

So what if it puts out a string of 20000 zeros. IF the attacker does not
know it is going to do so, that helps not at all.


Uhmmmm,... this is the case illustrated above. In this case we hit a locale
where the machines put out a string of billions of zeros. In this case
while this is happening the users of the machine won't be convinced of
that argument,...


Mind you IF my random number machine put out a sequence of 200 zeros, the
probability is far far higher that it is a problem with the machine than
that the machine just happened to put out 200 zeros by chance.

Exactly. And if you have a machine that continues to output zeros for
weeks you would soon send the machines back to the company. If every machine
was doing it the company would soon be run into disrepute because everyone
using the machines would use "common sense" to tell them that the machines
must be flawed. Nobody would believe that it was just a pure "coincidence"
but coincidences happen all the time.

Yes, this does not seem to present significant difficulty really, as given
anyway but there is a point....

properly. However a really tiny bias in RC4 is sufficient to cause the
community to strongly suggest that RC4 not be used for anything new
anymore.

Well yes you don't want any information leakage, regardless of what one
believes the enemy could do with it from a general point of view.
In a specific case it could give vital information. In general not even
being able to decipher one bit of the plaintext, if the attacker can just
discern some property about it, that itself may be enough to give away
crucial, sensitive information. So a cipher is trying to protect this
also.

ALL stream or block ciphers leak huge amounts of information. The question
is whether or not that information is helpful to the attacker. In the case
of RC4, is that bias such that the attacker can use it to extract
information? You KNOW that RC4 for more than 256 or so bytes is completely
determined by those first 256 or so bytes. Ie there are huge correlations
in the output. The question is whether those correlations are actually
helpful to the attacker.

Well, yes, in the public domain at least; you don't want the information
or the software tools that give a general attack vector on the, say RC4, product
being distributed. Obviously the community decided that since this information
about the bias was in distribution it was time enough to move on to the
next product.

g2g byefrom,
laura

bestwishes
l

Anyway thanks again for pointing me to Shannon, I've read a little before from him
but I read his bio this time and he seems like quite an interesting character :)

bestwishes
laura

Regards
Jean-Francois Michaud


--
echo alru_aafriehdah@xxxxxxxxxx |sed 's/\(.\)\(.\)/\2\1/g'
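The point made above, that a run of 200 zeros is far more likely a broken machine than chance, is exactly what an entropy-source health test encodes. The following is an added example, not code from the thread: the Repetition Count Test from NIST SP 800-90B applied to constructed bit streams, with the prior fault rate as a labelled assumption.

```python
import math
import random

# Repetition Count Test from NIST SP 800-90B section 4.4.1 (the cutoff formula
# is the standard's; the sample streams and fault rate are constructed here and
# nothing in this block comes from the thread). A healthy source with H bits of
# min-entropy per sample produces C identical samples in a row with probability
# at most 2^-20, so a run that long is treated as a broken source, not as luck.

ALPHA_LOG2 = 20  # the standard's false-alarm probability is 2^-20


def repetition_cutoff(min_entropy_per_sample: float) -> int:
    """C = 1 + ceil(20 / H): the run length at which the source is failed."""
    return 1 + math.ceil(ALPHA_LOG2 / min_entropy_per_sample)


def longest_run(samples) -> int:
    """Length of the longest run of identical consecutive samples."""
    best = run = 0
    prev = None
    for s in samples:
        run = run + 1 if s == prev else 1
        prev = s
        best = max(best, run)
    return best


def repetition_count_test(samples, min_entropy_per_sample: float) -> bool:
    """True if the stream passes, False once any run reaches the cutoff."""
    return longest_run(samples) < repetition_cutoff(min_entropy_per_sample)


def log2_odds_fault_vs_chance(run_bits: int, fault_rate: float) -> float:
    """log2 of P(fault) / P(chance) after run_bits consecutive zero bits,
    assuming a faulted source always emits zeros while a healthy one does so
    with probability 2^-run_bits; fault_rate is an assumed prior."""
    return math.log2(fault_rate) - math.log2(1 - fault_rate) + run_bits


# Constructed streams: a seeded PRNG stands in for a healthy bit source, and
# a stream stuck at zero plays the machine from the sketch above.
_rng = random.Random(2024)
HEALTHY_BITS = [_rng.getrandbits(1) for _ in range(1000)]
STUCK_BITS = [0] * 200
```

For a one-bit-per-sample source the cutoff is 21, so the 200-zero run fails immediately, while with a prior fault rate of one in a million the odds that it is a fault rather than chance come out near 2^180.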
