4/15 What is a one-time pad, and why is it considered bad/insufficient
for security?
\_ Yeah, why is a one-time pad insufficient? Snicker. - !OP
\_ a one-time pad IS insufficient if it is the only thing
you are using for security. There better be some intelligent
system for sharing one-time pads/keeping them secure, etc.
Stop being an ass.
\_ So you're saying a one-time pad is insufficient if it is used
stupidly? Is there a security protocol that is sufficient
even if used stupidly?
\_ I'm saying that used alone it is far from sufficient because
there are far too many unresolved issues.
\_ declaring war on Iraq
\_ which begs the question: if your system is idiot-proof,
won't someone just build a better idiot?
\_ It's an encryption algorithm: to send a (say) 5K message to your
friend, first generate 5K of random bits (the "pad") and share
those secretly with your friend. Then, to send your message,
just xor each bit with the corresponding bit from the pad. You
can't ever reuse pad data; you have to generate new random bits
for each message you want to send (hence the "one-time").
This algorithm is cool because it's provably unbreakable: if
someone sees your encrypted message, but has no information about
your pad, then it's impossible for them to decrypt your message.
However, this algorithm is usually not practical, because you have
to secretly share 5K of pad data for each 5K message you want to
send. (For comparison, an ordinary private-key encryption
algorithm like AES lets you secretly share a small key (128 to
256 bits) and then use that key to encrypt as much data as you
want.)
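As an added illustration of the algorithm the reply above describes (this is example code, not from the thread), the block below encrypts and decrypts with XOR and then shows the "provably unbreakable" point concretely: for any candidate plaintext of the same length there is a pad that turns the ciphertext into it, so the ciphertext alone cannot distinguish them. `os.urandom` is assumed here as a stand-in for the truly random bit source a strict one-time pad needs; the names `otp_encrypt`, `pad_that_explains` and `demo` are this example's own.

```python
import os


def otp_encrypt(plaintext: bytes, pad: bytes) -> bytes:
    """XOR each message byte with the corresponding pad byte.

    The pad must be at least as long as the message, and each pad byte
    may be used exactly once, ever (hence "one-time").
    """
    if len(pad) < len(plaintext):
        raise ValueError("pad too short: a one-time pad needs one pad byte per message byte")
    return bytes(p ^ k for p, k in zip(plaintext, pad))


# XOR is its own inverse, so decryption is the same operation: (p ^ k) ^ k == p.
otp_decrypt = otp_encrypt


def generate_pad(length: int) -> bytes:
    """Stand-in for the 'generate N random bits' step.

    os.urandom is a CSPRNG; a strict OTP wants a true random source, but the
    XOR logic is identical, so it is assumed here for a runnable example.
    """
    return os.urandom(length)


def pad_that_explains(ciphertext: bytes, candidate_plaintext: bytes) -> bytes:
    """Return the pad under which `ciphertext` decrypts to `candidate_plaintext`.

    For any candidate of the right length such a pad exists and, because pads
    are uniformly random, it was exactly as likely a priori as the real one.
    That is the whole 'provably unbreakable' argument: the ciphertext reveals
    nothing about the message except its length.
    """
    if len(candidate_plaintext) != len(ciphertext):
        raise ValueError("candidate must be exactly as long as the ciphertext")
    return bytes(c ^ p for c, p in zip(ciphertext, candidate_plaintext))


def demo() -> bool:
    message = b"ATTACK AT DAWN"          # constructed sample message, 14 bytes
    pad = generate_pad(len(message))
    ciphertext = otp_encrypt(message, pad)
    assert otp_decrypt(ciphertext, pad) == message

    # An eavesdropper holding only `ciphertext` cannot rule out this decoy:
    decoy = b"DEFEND AT NOON"            # constructed, same length
    decoy_pad = pad_that_explains(ciphertext, decoy)
    assert otp_decrypt(ciphertext, decoy_pad) == decoy
    return True


if __name__ == "__main__":
    print("ok" if demo() else "fail")
```

The length check in `otp_encrypt` is the one guard worth keeping in any real implementation: silently truncating to the shorter input (which `zip` would do) is how a too-short pad ends up being stretched or reused.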
\_ because you're all being stupid and no one signs their names:
OTPs are useful for when you have only occasional trustworthy
contact with your sender/receiver (in-person contact, trusted
monthly courier ...), and have a need to share relatively short
messages in a highly secure fashion.
to respond to some of the points attempted above:
1) if you have a way to get someone a pad in a secret [trusted]
way, why not use the same way to transmit the message?
Because the way you transfer the pad may not be available
when a message needs to be sent.
2) if you get part of the pad, you can decrypt part of the message.
If you get an AES key, which is comparable in size to the
supposed partial pad, you get the whole message.
Issues of key management aside (which affect all crypto systems),
OTP offers the user high confidence at the expense of convenience
(large, non-reusable keys) and reliance on periodic OTP refresh.
--4554660b1f82fae1e048ff6c1874d31b
\_ I think everyone who cares already knew that, since among
other things the OTP is about the simplest cryptosystem
imaginable. you have been trolled.
\_ only so that I could get the guy below to respond.
sometimes you gotta take a troll to get a better troll.
--3210615175eaa726402a9001bf8dbc6a
\_ OTP does not offer high confidence except in highly
controlled environments because there is no way to
perform adequate message authentication in OTP:
1) If the recv'd msg is off by even one bit/char the
message won't make any sense. While single bit/char
errors might be noticed in the decrypted PT,
multi-bit/char errors can change the content of
the message without being detected (this depends on
the language, but for things like English the
probability of detecting multi-bit/char errors is not
that high).
2) If OTP is used for messages transmitted via a public
channel the big problem is that there is no way to
ensure that the message you recv'd was transmitted by
the person that should have sent it. In some cases
an attacker can mount a DOS on the system by tx'ing
fake messages.
\_ Why is it one-time? Why can't the same pad be used again to
transmit a different message to the same receiver?
\_ If a pad is reused, a pattern is formed in the ciphertext
which can be exploited by an opponent via an Analysis in
Depth attack. Some of the Venona decodes were the result
of the Russians reusing the same pad for multiple (different)
messages.
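Two of the points raised above, the lack of message authentication (an attacker can alter a message in transit without detection) and the danger of pad reuse (the Venona case), both follow from the same XOR arithmetic. The block below is an added example, not code from the thread: `forge` changes a known field of a ciphertext without knowing the pad, and `crib_drag` recovers plaintext from two messages encrypted under the same pad by sliding a guessed fragment along their XOR. The messages, the crib `" TO "`, and the function names are this example's own; `os.urandom` again stands in for a true random source.

```python
import os


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncating to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(message: bytes, pad: bytes) -> bytes:
    if len(pad) < len(message):
        raise ValueError("pad too short")
    return xor_bytes(message, pad)


otp_decrypt = otp_encrypt  # XOR is its own inverse


def forge(ciphertext: bytes, offset: int, known: bytes, wanted: bytes) -> bytes:
    """Malleability: an attacker who knows (or guesses) that `known` sits at
    `offset` in the plaintext can make the ciphertext decrypt to `wanted` there.

    c[i] = m[i] ^ k[i], so c[i] ^ known[i] ^ wanted[i] = wanted[i] ^ k[i].
    The pad is never seen; the receiver has no way to tell this from a genuine message.
    """
    if len(known) != len(wanted):
        raise ValueError("known and wanted must have equal length")
    delta = xor_bytes(known, wanted)
    out = bytearray(ciphertext)
    for i, d in enumerate(delta):
        out[offset + i] ^= d
    return bytes(out)


def crib_drag(ct1: bytes, ct2: bytes, crib: bytes) -> list:
    """Pad reuse: ct1 ^ ct2 == m1 ^ m2 because the pad cancels.

    Sliding a guessed fragment (`crib`) of one message along that XOR yields
    the corresponding fragment of the other message at every offset where the
    guess is right. Returns (offset, fragment) pairs that are fully printable
    ASCII; a human then picks the ones that read as language and extends them.
    """
    diff = xor_bytes(ct1, ct2)
    hits = []
    for off in range(len(diff) - len(crib) + 1):
        frag = xor_bytes(diff[off:off + len(crib)], crib)
        if all(0x20 <= b <= 0x7E for b in frag):
            hits.append((off, frag))
    return hits


def demo_forgery() -> bytes:
    pad = os.urandom(16)
    ct = otp_encrypt(b"PAY 0100 TO BOB", pad)   # constructed message, 15 bytes
    forged = forge(ct, 4, b"0100", b"9900")    # attacker never touches `pad`
    return otp_decrypt(forged, pad)            # receiver decrypts b"PAY 9900 TO BOB"


def demo_reuse() -> list:
    pad = os.urandom(32)
    m1 = b"TRANSFER 1000 DOLLARS TO ALICE"     # constructed, 30 bytes
    m2 = b"MEETING MOVED TO FRIDAY AT TEN"     # constructed, 30 bytes
    ct1 = otp_encrypt(m1, pad)
    ct2 = otp_encrypt(m2, pad)                 # same pad twice: the Venona mistake
    return crib_drag(ct1, ct2, b" TO ")        # " TO " is a plausible English crib


if __name__ == "__main__":
    print(demo_forgery())
    for off, frag in demo_reuse():
        print(off, frag)
```

In `demo_reuse` the crib `" TO "` really occurs at offset 13 of the second message and offset 21 of the first, so the drag returns `(13, b" DOL")` (the start of `" DOLLARS"` in m1) and `(21, b"AY A")` (from `"FRIDAY AT"` in m2) among the printable candidates; extending those guesses outward is the Analysis in Depth the last reply refers to. Note that neither attack needs the pad, which is the practitioner's takeaway: the pad gives confidentiality only, and the check you want on the receiving side has to come from something else.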