From: unruh on 26 Jan 2010 19:08

On 2010-01-26, john <penetratorv(a)yahoo.com> wrote:
> On Jan 26, 7:36 pm, unruh <un...(a)wormhole.physics.ubc.ca> wrote:
>> On 2010-01-26, john <penetrat...(a)yahoo.com> wrote:
>> > vanessavertu...(a)yahoo.com wrote:
>> >> [...]
> sensible (though arrogance still exists)... for the time being. BTW in a
> user's point of view, there's no need to familiarize the skeleton if
> the result is obvious and I as a user rely on the result. I don't
> need to learn the technical blueprint of a thing where I can see
> "concretely" its capability otherwise, I won't be using my tractor
> without knowing its blueprint as it may jump and drop me off in the
> air.

Unfortunately that proves that you know nothing about crypto. You cannot
"see" the results and deduce anything about crypto. The worst crypto can
look just as random in output as the best. That is the problem with
crypto. You cannot judge it by its output, as you can most other
software. You MUST examine the code in detail, just as your enemy is
going to do. And if he breaks the code, he will not tell you. Ie,
judging crypto is completely different from judging most other software.

> On Paulo:
> I'm not trolling dude just because I disagree with your concept,... To
> all of you, as it seems you're a circle of gentlemen with a common
> concept - my sincere Apology if I've scratched your egos... I

You have not scratched anyone's ego, your claws are non-existent. You do
however threaten to confuse other people.

> appreciate your deep knowledge on your own cup of tea, although I'm
> not a high flying cryptographer but merely a normal user, I can still
> sense that something is just not right (at least in a certain thing)
> like giving a verdict to an untested item - nothing less than making a
> conclusion without examination - driven merely by hypothesis usually
> derived from a closed concept.
From: Gordon Burditt on 26 Jan 2010 21:44

>By the way dudes, "Perfect Random Key" is a thing of the past and
>shouldn't be an issue in today's computing age.

If the "perfect random key" is a thing of the past, so is the "one time
pad", and no one should be claiming that their software is equivalent to
one. And you shouldn't be claiming that it's "theoretically unbreakable".
That's also "old school". When I see claims like that, especially in the
*name* of a new cryptographic program, it's advertising fraud. The
person doing the naming is afraid his code won't deliver what he has
promised (and he's virtually always right on that count). The cipher
might be more secure than AES and faster, but by claiming theoretical
unbreakability, the author has blown any credibility he had.

If the ciphertext is of length N bits (and the cipher preserves length),
then one can generate 2**(N) possible plaintexts for a real one time
pad. (Note that for the one time pad, I don't really even need the
ciphertext, only its length. Knowing the ciphertext doesn't even
eliminate one possible plaintext out of 2**(N) of them). That's
theoretical unbreakability.

If the key used in another cipher is of length K bits, where K < N,
then I can decrypt the ciphertext with 2**(K) possible keys, giving
2**(K) possible plaintexts. Since K < N and assuming both are integers,
(2**(K))/(2**(N)) is 0.5 or less, indicating I have eliminated at least
50% of all possible plaintext. If I can eliminate a possible plaintext,
even one out of possibly trillions (without using the argument that the
plaintext is supposed to be something known, like English text, rather
than a key for a real one-time-pad), it's not theoretically unbreakable.

For a true one-time-pad, you need as much key material as message text.
Shannon still applies.

If you want to move past Shannon, move past the "one time pad" and
"theoretically unbreakable", to stream ciphers that have so many
possible keys it exceeds the number of particles in the universe.

>The optimized power of
>the enigma machine is only equivalent to today's bit of a very simple
>computer program.

Modern computing power works both ways. The bad guys have it as well as
the good guys. You can use more complex ciphers, and you can also use
it to brute-force much more complicated ciphers than could be done with
pencil and paper.

>If we look vividly to today's technology, there's
>far more interesting thing to consider than the "perfect random key"
>of old...

"more interesting", yes. "as unbreakable as a one time pad", no.

>Shannon's view of perfect randomness is not suitable to
>todays computing world... further reading:

If you are claiming "my cipher is as good as a one time pad, but with a
shorter key" ... BULLSHIT!

If you are claiming "my cipher is good enough for practical use in
today's computing world" (it might or might not be) ... DON'T CALL IT A
ONE TIME PAD!
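The counting argument above, carried out on toy sizes as an added example (not code from the thread): N = 12-bit messages, a 5-bit key for the short-key cipher, and a constructed ciphertext. Every plaintext remains reachable under the one-time pad, while the short-key cipher leaves at most 2**K of them, so seeing the ciphertext has eliminated the rest.

```python
"""Added example: how many plaintexts are still possible once a ciphertext
is seen, for a one-time pad versus a cipher whose key is shorter than the
message. Toy sizes so the whole key space can be enumerated."""

N_BITS = 12                 # message/ciphertext length N (toy)
K_BITS = 5                  # short key length K < N (toy)
MASK = (1 << N_BITS) - 1


def otp_decrypt(ct: int, key: int) -> int:
    """One-time pad: the key is a full N bits, decryption is XOR."""
    return (ct ^ key) & MASK


def short_key_decrypt(ct: int, key: int) -> int:
    """Toy cipher with a K-bit key: the key is repeated across the N-bit
    block and XORed in. Deliberately weak; only its key count matters."""
    stream = 0
    for pos in range(0, N_BITS, K_BITS):
        stream |= key << pos
    return (ct ^ stream) & MASK


def reachable_plaintexts(ct: int, decrypt, key_bits: int) -> set:
    """Every plaintext that some key decrypts ct to: the candidates that
    cannot be ruled out from the ciphertext alone."""
    return {decrypt(ct, k) for k in range(1 << key_bits)}


def eliminated_fraction(ct: int, decrypt, key_bits: int) -> float:
    """Fraction of the 2**N possible plaintexts ruled out by seeing ct.
    For a K-bit key this is at least 1 - 2**K / 2**N, i.e. >= 0.5 when
    K < N, which is the post's argument."""
    remaining = len(reachable_plaintexts(ct, decrypt, key_bits))
    return 1.0 - remaining / (1 << N_BITS)


if __name__ == "__main__":
    ct = 0b101101001110  # constructed sample ciphertext
    print("OTP: plaintexts still possible =",
          len(reachable_plaintexts(ct, otp_decrypt, N_BITS)),
          "eliminated =", eliminated_fraction(ct, otp_decrypt, N_BITS))
    print("short key: plaintexts still possible =",
          len(reachable_plaintexts(ct, short_key_decrypt, K_BITS)),
          "eliminated =", eliminated_fraction(ct, short_key_decrypt, K_BITS))
```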
From: Vanessa on 27 Jan 2010 00:23

On Jan 27, 2:52 am, Paulo Marques <pmarq...(a)grupopie.com> wrote:
> vanessavertu...(a)yahoo.com wrote:
> > On Jan 27, 1:33 am, Paulo Marques <pmarq...(a)grupopie.com> wrote:
> >> vanessavertu...(a)yahoo.com wrote:
> >>> [...]
> >>> Okay, I will discuss here how Infinite One-Time Pad works according
> >>> to available references. This may not be accurate as I may be missing
> >>> something but generally it goes like this.
> >> Since you seem to be honest and not trolling, I'll try to explain why
> >> this doesn't work.
> > You're starting to prove me wrong with this last post.... :(
> >>> The PLAIN text is compressed and encoded using a series of algorithms.
> >>> Let's now call it "Transformed Text".
> >> This transformation doesn't involve any kind of encryption with a secret
> >> key. So, if an attacker wants to test some key, it can try it and run the
> >> reverse transformation over the obtained text and see if that works.
> > That is not possible since the "transformed text" is no longer
> > available once the "transformed key" is applied.
> >[...]
> > Foremost, that is not possible since the "transformed text" is not
> > available after applying the key. Even if the "transformed text" is
> > exposed, the zipping codes you are saying such as "PK" no
> > longer exist since it is encoded using a series of algorithms.
>
> Let me try to be clearer. The process you described is:
>
> PlainText (PT) -> [box of deterministic algorithms] ->
> transformed text (TT) -> [transform with secret file + password] ->
> cypher text (CT)
>
> Correct?

Correct, but you should know that "Password" is not the only protection
you can implement.

> So, now I'm an attacker. I have CT, and want PT. Imagine that I can grab
> hold of the secret file, and am trying out passwords to see if any of it
> works.
>
> So if I want to try password P, I take CT -> [reverse transformation
> using secret file + P] -> TT.
>
> Now I need to check if TT is correct or not. You simply need to run: TT
> -> [reverse box of deterministic algorithms] -> PT and test the
> resulting PT to see if it is a valid plaintext.
>
> So the [box of deterministic algorithms] doesn't help at all. And when I
> say that it might even make it worse, is because the reverse
> transformation might fail for some TT's which can be immediately
> perceived by the attacker as a "wrong password", without even needing to
> check the actual plaintext.

So now, you've resorted to "Brute Force". Unfortunately, in Infinite
One-Time Pad, you can use a password of any length. Why not download the
trial version to see for yourself? You can even use the whole content of
a book if that's what you prefer. Let's say that the possible characters
you can type are 92 and the length of the password is 16, the total
possibilities will be 92 ^ 16. Even if the fastest computer in the world
is used it will take trillions of years to try them all. How much more
if the length is longer?

> >>> Now, the key is extracted from a secret file of your choice and
> >>> again it is filtered and encoded
> >> The point here is key distribution: if you need to send your encrypted
> >> file to someone you need to also send the "secret file". At this point,
> >> is not secret anymore.
> > There is no problem sending the "Secret File". It can be pre-arranged.
> > It could be that the file is already with him.
>
> That is exactly the problem! If you have one algorithm, where Bob can
> send the public key in the clear to Alice and keep the private key
> private, and receive an encrypted file from Alice that only he can
> decrypt, why should you use a worse algorithm that forces you to
> "pre-arrange" the keys over a secure channel?

Use Infinite One-Time Pad if maximum security is desired. If not, then
use other algorithms. You can read it here.
http://www.hiddentools.com/io-tp/art3.html

> >>> and you have a chance to insert any word or characters at any location
> >>> to modify it further. If you type a password, each character of the
> >>> password re-encodes the modified key. Let's call the result as "Transformed
> >>> Key".
> >> This is not very different from key strengthening. It is just slightly
> >> worse than any other algorithm out there.
> > You have no basis of saying that.
>
> Of course I have. In typical key strengthening algorithms you take the
> user-readable password and re-hash it N times. You can select that N as
> a trade-off between speed and strength. This way you have a real measure
> of the strengthening effort.
>
> "each character of the password re-encodes the modified key" sounds very
> weak, because with small passwords you'll just have very few modifications.

It is stated that the key has undergone a series of transformations after
extraction from the key file. Transformations due to password are just
extras.

> >>> I CHALLENGE EVERYONE to present a solution on how to attack
> >>> the ciphertext. You can find available "cryptanalysis" techniques here
> >>> http://en.wikipedia.org/wiki/Cryptanalysis. Study the attacks then
> >>> show how it could be used against Infinite One-Time Pad's
> >>> ciphertext at least logically.
> >> You're talking to the crowd that wrote that wikipedia page, so you get
> >> no points for insulting everyone.
> > It is not an insult. It is a challenge.
>
> The insult part is the "go read it and learn". Many people here know
> very well all the theory that is explained in Wikipedia. Even more,
> Wikipedia just has mostly the basics. If you're serious about
> cryptography you really need to at least read a few books.

Okay, I'm sorry if that has insulted you. That is just a reference for
readers who don't know about it anyway because the challenge is
addressed to everyone.

> > If somebody is successful, then it
> > could be published on wiki. The technique will be seen by the
> > community and would be a good educational material.
>
> Are you going to pay for my time?

No, not me.

> > Who knows somebody can invent a new cryptanalytic
> > method for this kind of encryption technique.
>
> There is nothing new here, just gibberish.
>
> >> If you compare that algorithm with something like GnuPG (for instance),
> >> you'll notice how key distribution is much easier and secure with GnuPG
> >> (and free).
> > How did you know? Do you know the algorithms used in Infinite
> > One-Time Pad?
>
> I know because GnuPG is a public key algorithm, as opposed to a
> symmetric key algorithm like this one. Key distribution must be harder
> as a direct consequence.
>
> Even the name "Infinite One-Time Pad" sounds like snake oil. Anyone here
> can tell you that.

"Snake Oil"? This is the default term used if the algorithm of a certain
crypto system is not exposed. Do we need the author to expose
everything? I think the explanation is already enough to see the
strength.

> Anyway, consider this my last effort to explain this. If you still can't
> get it, then I'll consider that you're just trolling like john.

I'm not trolling, my reasons for believing in the strength of Infinite
One-Time Pad are justified. Sometimes we have to consider other
possibilities. Fundamental theories are beneficial but do not confine
yourself with them. As John said, this is dangerous to the advancement
of cryptography. Computer technology is rapidly advancing. We should
move forward, consider and explore possibilities so cryptography will
not be left behind.

"The man who follows the crowd will usually get no further than the
crowd. The man who walks alone is likely to find himself in places no
one has ever been." - Alan Ashley-Pitt

You can be the next Shannon.

> --
> Paulo Marques - www.grupopie.com
>
> "Prediction is hard. Especially of the future."
> Niels Bohr
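Paulo's pipeline, PT -> [box of deterministic algorithms] -> TT -> [keyed step] -> CT, as an added toy example (not code from the thread and not Infinite One-Time Pad's own code). It assumes zlib stands in for the unspecified box and a repeating XOR under a 16-bit toy key for the keyed step; the plaintext and key are constructed. It shows his point that the box adds no secrecy, and that because the reverse box rejects almost every wrong key outright, it answers "wrong key" before any plaintext has to be looked at.

```python
"""Added example: a deterministic pre-transformation in front of a keyed
step gives no extra secrecy, and its reverse acts as a wrong-key check.
Toy sizes only: 16-bit key, zlib as the 'box'."""

import zlib

KEY_BITS = 16
# constructed sample input and toy key (not from the thread)
SAMPLE_PT = b"the quick brown fox jumps over the lazy dog, and then does it again"
SAMPLE_KEY = 0xBEEF


def xor_stream(data: bytes, key: int) -> bytes:
    """Repeating 2-byte XOR; it is its own inverse."""
    kb = key.to_bytes(2, "big")
    return bytes(b ^ kb[i % 2] for i, b in enumerate(data))


def encrypt(pt: bytes, key: int) -> bytes:
    tt = zlib.compress(pt)       # the box of deterministic algorithms: no secret
    return xor_stream(tt, key)   # the keyed step


def reverse_box(tt: bytes):
    """Reverse of the box: the plaintext, or None when tt is not a valid
    zlib stream (bad header check, bad deflate data or Adler-32 mismatch)."""
    try:
        return zlib.decompress(tt)
    except zlib.error:
        return None


def keys_passing_reverse_box(ct: bytes) -> list:
    """Every key whose candidate TT the reverse box accepts. No property of
    the plaintext is used; the box alone does the filtering, which is why
    it 'might even make it worse' rather than help."""
    return [k for k in range(1 << KEY_BITS)
            if reverse_box(xor_stream(ct, k)) is not None]


if __name__ == "__main__":
    ct = encrypt(SAMPLE_PT, SAMPLE_KEY)
    survivors = keys_passing_reverse_box(ct)
    print("keys the reverse box accepts:", [hex(k) for k in survivors])
    print("recovered:", reverse_box(xor_stream(ct, survivors[0])))
```

Lengthening the password only enlarges the key space the check is run over; it does not remove the check, and a measured key-strengthening step (re-hashing N times, as Paulo describes) is what makes each check cost something.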
From: WTShaw on 27 Jan 2010 01:09

On Jan 26, 11:23 pm, Vanessa <vanessavertu...(a)yahoo.com> wrote:
> On Jan 27, 2:52 am, Paulo Marques <pmarq...(a)grupopie.com> wrote:
> [...]
> I'm not trolling, my reasons for believing in the strength of Infinite
> One-Time Pad are justified. Sometimes we have to consider other
> possibilities. Fundamental theories are beneficial but do not confine
> yourself with them. As John said, this is dangerous to the
> advancement of cryptography. Computer technology is rapidly
> advancing. We should move forward, consider and explore
> possibilities so cryptography will not be left behind.
>
> "The man who follows the crowd will usually get no further than
> the crowd. The man who walks alone is likely to find himself in
> places no one has ever been." - Alan Ashley-Pitt
>
> You can be the next Shannon.

As you advance, forget not where you have been and what you learned to
even get there. The burden of knowledge is inclusive.
From: Gordon Burditt on 27 Jan 2010 03:47

>> >> The point here is key distribution: if you need to send your encrypted
>> >> file to someone you need to also send the "secret file". At this point,
>> >> is not secret anymore.
>>
>> > There is no problem sending the "Secret File". It can be pre-arranged.

That doesn't work for all situations. It would if you can send a
monthly DVD of random data by diplomatic courier. It might not if you
can only communicate by radio, and have to keep the transmissions short
to avoid radio detection trucks from locating you. During a war, most
prisoners of war who were also conducting sabotage weren't able to
return to London for a conference (and picking up crypto keys)
overnight without the Nazis noticing, because they have smarter guards
than Sgt. Schultz and Col. Klink. How strong is the encryption if the
only shared key you can use is what you can write on two 1-inch by
1-inch Post-it notes in 2 minutes - you keep one copy and pass the
other to him in a detention center, hoping you'll be released later,
and hopefully the two copies are the same.

>> > It could be that the file is already with him.
>>
>> That is exactly the problem! If you have one algorithm, where Bob can
>> send the public key in the clear to Alice and keep the private key
>> private, and receive an encrypted file from Alice that only he can
>> decrypt, why should you use a worse algorithm that forces you to
>> "pre-arrange" the keys over a secure channel?
>
>Use Infinite One-Time Pad if maximum security is desired.

No, sending the key by IOTP and then using it as a key for IOTP makes
it an ITTP (Infinite Two-Time Snake Pad).

>> > Do you know the algorithms used in Infinite
>> > One-Time Pad?

I know that if the key doesn't have to be at least as long as the
message, and if it's used more than once, it's *NOT* a One-Time Pad.

>> Even the name "Infinite One-Time Pad" sounds like snake oil. Anyone here
>> can tell you that.
>
>"Snake Oil"? this is the default term used if the algorithm of a
>certain crypto system is not exposed.

This is also the term *I* use if the name of an encryption algorithm
misrepresents what it is. The "Infinite One-Time Pad" is not infinite
and it's not a one-time pad. If you don't want to be limited by
Shannon, stop calling it a one-time pad. Use a more reasonable name
like "Fred's Ultra Complicated Krypto". Go for a better claim, like,
"it's faster than AES and just as secure" (if, in fact, it is, which I
doubt, but it would take a lot longer for me to disprove it).

>Do we need the author to expose everything? I
>think the explanation is already enough to see the strength.

You don't "see the strength". A large number of experts fail to find
weaknesses over a period of time. A technique which applies a random
number of ROT-13 operations between 1 and one trillion to each
character of a message is a lot weaker than the one trillion number
makes it appear.

>I'm not trolling, my reasons for believing in the strength of Infinite
>One-Time Pad are justified.

The strength of the *NAME* "Infinite One-Time Pad" may approach
infinite stench. The strength of encryption isn't primarily based on
the length of time for a brute-force attack. The attempt is usually
phrased as "My penis^H^H^H^H^Hkey is *SO* enormous that ... "

>Sometimes we have to consider other
>possibilities. Fundamental theories are beneficial but do not confine
>yourself with them.

You mean I don't have to bother with laws of gravity when trying to aim
missiles, either? Or worry about pesky limits like 2+2=4?
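The ROT-13 remark above, worked through as an added example (not code from the thread) and generalised to any ROT-k: repeating a shift by k n times is a single shift by (n*k) mod 26, so the per-character key space that actually matters is the subgroup generated by k in Z_26, of size 26/gcd(k, 26). For k = 13 that is 2, whatever the nominal count (the "one trillion" is taken from the post); the message length and counts used are constructed.

```python
"""Added example: nominal versus effective key space when a cipher is
'apply ROT-k a random number of times per character'. Repeated shifts
collapse to one shift, so the count contributes almost nothing."""

import math
import string

ALPHABET = string.ascii_lowercase
M = 26                      # size of the shift group Z_26
NOMINAL_MAX = 10 ** 12      # "between 1 and one trillion", from the post


def shift_letter(ch: str, k: int) -> str:
    """Caesar shift of one lowercase letter by k; other characters pass through."""
    if ch not in ALPHABET:
        return ch
    return ALPHABET[(ALPHABET.index(ch) + k) % M]


def rot_k_n_times_literal(ch: str, k: int, n: int) -> str:
    """Apply ROT-k n times, the slow literal way (only sensible for small n)."""
    for _ in range(n):
        ch = shift_letter(ch, k)
    return ch


def rot_k_n_times_reduced(ch: str, k: int, n: int) -> str:
    """Same result in one step: n applications of a shift by k is a shift
    by (n*k) mod 26. This is why the count does not add strength."""
    return shift_letter(ch, (n * k) % M)


def effective_keyspace(k: int) -> int:
    """Distinct per-character transformations reachable by repeating ROT-k
    (for any count range of length >= 26): the subgroup generated by k."""
    return M // math.gcd(k, M)


def effective_keyspace_brute(k: int, max_n: int) -> int:
    """Cross-check of effective_keyspace by enumerating counts 1..max_n."""
    return len({(n * k) % M for n in range(1, max_n + 1)})


def key_bits(message_len: int, k: int, nominal_max: int) -> tuple:
    """(nominal, effective) key bits for a message in which every character
    gets its own count drawn from 1..nominal_max."""
    nominal = message_len * math.log2(nominal_max)
    effective = message_len * math.log2(effective_keyspace(k))
    return nominal, effective


if __name__ == "__main__":
    nominal, effective = key_bits(20, 13, NOMINAL_MAX)   # constructed 20-char message
    print(f"ROT-13 x up to {NOMINAL_MAX}: nominal {nominal:.1f} bits, "
          f"effective {effective:.1f} bits ({effective_keyspace(13)} choices per char)")
    print("ROT-1 for comparison:", effective_keyspace(1), "choices per char")
```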