From: Richard Herring on 27 Jan 2010 06:46

In message <8585156a-3e2e-44ee-b36e-4fdbbd456e0e(a)m25g2000yqc.googlegroups.com>, Vanessa <vanessavertudez(a)yahoo.com> writes

>> Worse, there's no guarantee that the "key modification" produces a
>> sequence that's random in the first place. Since the original "secret
>> file" might contain anything, and the modification process might well be
>> unexpectedly non-random (see Knuth's description of his "super-random"
>> generator for a classic example) the modification process might amplify
>> any correlations in the file, to the point where nothing's left but a
>> simple polyalphabetic cipher.
>>
>
>Even if the modification is not random (say I typed my name then
>replace
>some characters with my surname), the characters will change after I
>type my password. It will undergo irreversible transformation. Why not
>try
>it so you can see.

Whether it's an "irreversible transformation" is irrelevant. What matters is whether the resulting key stream is a random sequence. If it isn't, you can extract information about the plaintext *without knowing the key*.

--
Richard Herring
From: Vanessa on 27 Jan 2010 06:57

On Jan 27, 4:47 pm, gordonb.ew...(a)burditt.org (Gordon Burditt) wrote:
> >> >> The point here is key distribution: if you need to send your encrypted
> >> >> file to someone you need to also send the "secret file". At this point,
> >> >> is not secret anymore.
>
> >> > There is no problem sending the "Secret File". It can be pre-arranged.
>
> That doesn't work for all situations. It would if you can send a
> monthly DVD of random data by diplomatic courier. It might not if
> you can only communicate by radio, and have to keep the transmissions
> short to avoid radio detection trucks from locating you. During a
> war, most prisoners of war who were also conducting sabotage weren't
> able to return to London for a conference (and picking up crypto
> keys) overnight without the Nazis noticing, because they have smarter
> guards than Sgt. Schultz and Col. Klink.
>
> How strong is the encryption if the only shared key you can use is
> what you can write on two 1-inch by 1-inch Post-it notes in 2 minutes
> - you keep one copy and pass the other to him in a detention center,
> hoping you'll be released later, and hopefully the two copies are
> the same.

A secret file can be used multiple times as long as a different password and key modification is used. Unfortunately, Infinite One-Time Pad is not applicable if you are detained since you may not be given access to a computer nor be able to install the software.

>
> >> > It could be that the file is already with him.
>
> >> That is exactly the problem! If you have one algorithm, where Bob can
> >> send the public key in the clear to Alice and keep the private key
> >> private, and receive an encrypted file from Alice that only he can
> >> decrypt, why should you use a worse algorithm that forces you to
> >> "pre-arrange" the keys over a secure channel?
>
> >Use Infinite One-Time Pad if maximum security is desired.
>
> No, sending the key by IOTP and then using it as a key for IOTP
> makes it an ITTP (Infinite Two-Time Snake Pad).
>
> >> > Do you know the algorithms used in Infinite
> >> > One-Time Pad?
>
> I know that if the key doesn't have to be at least as long as the
> message, and if it's used more than once, it's *NOT* a One-Time Pad.

According to the author, Infinite One-Time Pad is a modern implementation of OTP. It is tailored to today's technology so don't expect it to be exactly the same.

>
> >> Even the name "Infinite One-Time Pad" sounds like snake oil. Anyone here
> >> can tell you that.
>
> >"Snake Oil"? This is the default term used if the algorithm of a
> >certain crypto
> >system is not exposed.
>
> This is also the term *I* use if the name of an encryption algorithm
> misrepresents what it is. The "Infinite One-Time Pad" is not
> infinite and it's not a one-time pad. If you don't want to be
> limited by Shannon, stop calling it a one-time pad. Use a more
> reasonable name like "Fred's Ultra Complicated Krypto". Go for a
> better claim, like, "it's faster than AES and just as secure" (if,
> in fact, it is, which I doubt, but it would take a lot longer for
> me to disprove it).
>

If you want it to function just like the true One-Time Pad, do this... With your eyes blindfolded, type on your keyboard using one finger until the length of the key is reached, then use that key.

> >Do we need the author to expose everything? I
> >think the explanation is already enough to see the strength.
>
> You don't "see the strength". A large number of experts fail to
> find weaknesses over a period of time. A technique which applies
> a random number of ROT-13 operations between 1 and one trillion to
> each character of a message is a lot weaker than the one trillion
> number makes it appear.

You're right, but it is unfair to call it BS if it is not proven.

>
> >I'm not trolling, my reasons for believing in the strength of Infinite
> >One-Time Pad are justified.
>
> The strength of the *NAME* "Infinite One-Time Pad" may approach
> infinite stench.
>
> The strength of encryption isn't primarily based on the length of
> time for a brute-force attack. The attempt is usually phrased as
> "My penis^H^H^H^H^Hkey is *SO* enormous that ... "
>

You are right if the ciphertext leaks information.

> >Sometimes we have to consider other
> >possibilities. Fundamental theories are beneficial but do not confine
> >yourself with them.
>
> You mean I don't have to bother with laws of gravity when trying
> to aim missiles, either? Or worry about pesky limits like 2+2=4?

What I mean is be open to changes. Do not close your mind. Don't behave like an elephant. They use strong ropes to control an elephant when it is still young. It will resist at first, putting in all its strength, until it gives up. When it is already an adult, a thin rope can be used to control it and it will no longer resist, because it has already been planted in its mind that no matter how hard it tries, it cannot break the rope.
From: Vanessa on 27 Jan 2010 07:11

On Jan 27, 7:46 pm, Richard Herring <junk@[127.0.0.1]> wrote:
> In message
> <8585156a-3e2e-44ee-b36e-4fdbbd456...(a)m25g2000yqc.googlegroups.com>,
> Vanessa <vanessavertu...(a)yahoo.com> writes
>
> >> Worse, there's no guarantee that the "key modification" produces a
> >> sequence that's random in the first place. Since the original "secret
> >> file" might contain anything, and the modification process might well be
> >> unexpectedly non-random (see Knuth's description of his "super-random"
> >> generator for a classic example) the modification process might amplify
> >> any correlations in the file, to the point where nothing's left but a
> >> simple polyalphabetic cipher.
>
> >Even if the modification is not random (say I typed my name then
> >replace
> >some characters with my surname), the characters will change after I
> >type my password. It will undergo irreversible transformation. Why not
> >try
> >it so you can see.
>
> Whether it's an "irreversible transformation" is irrelevant. What
> matters is whether the resulting key stream is a random sequence. If it
> isn't, you can extract information about the plaintext *without knowing
> the key*.
>

As the author said, a random key is necessary in the case of the True One-Time Pad because the key is directly applied to the text. In the case of the Infinite One-Time Pad, where the plain text is compressed and then transformed several times, this is not necessary anymore. Once the key is used, the transformed text is no longer visible. How can you deduce information about the plain text then?

> --
> Richard Herring
From: Richard Herring on 27 Jan 2010 08:23

In message <0277d379-6d76-4754-b99d-df8e13316c97(a)r19g2000yqb.googlegroups.com>, Vanessa <vanessavertudez(a)yahoo.com> writes

>On Jan 27, 7:46 pm, Richard Herring <junk@[127.0.0.1]> wrote:
>> In message
>> <8585156a-3e2e-44ee-b36e-4fdbbd456...(a)m25g2000yqc.googlegroups.com>,
>> Vanessa <vanessavertu...(a)yahoo.com> writes
>>
>> >> Worse, there's no guarantee that the "key modification" produces a
>> >> sequence that's random in the first place. Since the original "secret
>> >> file" might contain anything, and the modification process might well be
>> >> unexpectedly non-random (see Knuth's description of his "super-random"
>> >> generator for a classic example) the modification process might amplify
>> >> any correlations in the file, to the point where nothing's left but a
>> >> simple polyalphabetic cipher.
>>
>> >Even if the modification is not random (say I typed my name then
>> >replace
>> >some characters with my surname), the characters will change after I
>> >type my password. It will undergo irreversible transformation. Why not
>> >try
>> >it so you can see.
>>
>> Whether it's an "irreversible transformation" is irrelevant. What
>> matters is whether the resulting key stream is a random sequence. If it
>> isn't, you can extract information about the plaintext *without knowing
>> the key*.
>>
>
>As the author said, a random key is necessary in the case of the True
>One-Time Pad because the key is directly applied to the text.

No, that's not why it's necessary.

--
Richard Herring
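The two objections raised in this thread, Gordon Burditt's (a key that is shorter than the message or used more than once is not a one-time pad) and Richard Herring's (a key stream that is not random leaks plaintext information without the key), as an added Python example that is not part of the thread and says nothing about the internals of the product being discussed. The sample texts and the 7-byte key are constructed for the demonstration; the index of coincidence over ciphertext columns is the statistic used here to show that a repeating key stream is visible from the ciphertext alone.

```python
"""Added example (not from the thread): what a reused pad and a non-random
pad leak. All sample texts and the 7-byte key are constructed."""
import secrets
from collections import Counter


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings (the one-time-pad operation)."""
    if len(a) != len(b):
        raise ValueError("pad must be exactly as long as the message")
    return bytes(x ^ y for x, y in zip(a, b))


def repeating_key_stream(key: bytes, length: int) -> bytes:
    """A short key cycled to message length: a polyalphabetic cipher, not a pad."""
    return bytes(key[i % len(key)] for i in range(length))


def pad_reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """XOR of two ciphertexts made under the same pad: the pad cancels out,
    leaving p1 XOR p2 with no key material involved at all."""
    return xor_bytes(c1, c2)


def index_of_coincidence(data: bytes) -> float:
    """Probability that two distinct positions hold the same byte value.
    About 1/256 for uniformly random bytes; far higher for natural text."""
    n = len(data)
    if n < 2:
        return 0.0
    counts = Counter(data)
    return sum(c * (c - 1) for c in counts.values()) / (n * (n - 1))


def period_ioc(ciphertext: bytes, period: int) -> float:
    """Average IoC over the columns ciphertext[i::period]. If the key stream
    repeats with this period, each column is plaintext XORed with a single
    constant byte, so its IoC is that of plaintext rather than of random bytes."""
    columns = [ciphertext[i::period] for i in range(period)]
    return sum(index_of_coincidence(col) for col in columns) / period


def likely_period(ciphertext: bytes, max_period: int = 12, threshold: float = 0.04):
    """Smallest period whose column IoC looks like text, or None if none does,
    which is what a genuinely random, never-reused pad should give."""
    for p in range(1, max_period + 1):
        if period_ioc(ciphertext, p) > threshold:
            return p
    return None


# Constructed sample plaintexts (long enough for the statistics to be stable).
TEXT = (b"The pad for a one time pad must be chosen uniformly at random, must be "
        b"at least as long as the message, and must never be used for a second "
        b"message. Drop any one of these three conditions and the perfect secrecy "
        b"proof no longer applies. A short key that repeats turns the system into "
        b"a polyalphabetic cipher, and the repetition shows up as statistical "
        b"structure in the ciphertext even though nobody outside ever sees the key. "
        b"This constructed paragraph only exists to give the example enough text "
        b"to measure.")
SECOND = b"Meet at the usual place at nine; bring the second copy of the pad."


def demo() -> dict:
    # 1. A proper pad, used once: nothing for the statistics to find.
    pad = secrets.token_bytes(len(TEXT))
    good_ct = xor_bytes(TEXT, pad)
    # 2. A 7-byte key cycled over the message: the period shows through.
    weak_ct = xor_bytes(TEXT, repeating_key_stream(b"secret7", len(TEXT)))
    # 3. The same pad for two messages: p1 XOR p2 is exposed, and if one
    #    plaintext is known the other follows directly.
    p1 = TEXT[:len(SECOND)]
    shared = secrets.token_bytes(len(SECOND))
    leaked = pad_reuse_leak(xor_bytes(p1, shared), xor_bytes(SECOND, shared))
    recovered_second = xor_bytes(leaked, p1)
    return {
        "random_pad_period": likely_period(good_ct),        # None
        "repeating_key_period": likely_period(weak_ct),     # 7
        "reuse_leaks_plaintext_xor": leaked == xor_bytes(p1, SECOND),  # True
        "second_message_recovered": recovered_second == SECOND,        # True
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The point of the column statistic is that nothing about it requires the key: the period of the key stream is a property of the ciphertext itself, which is exactly what Herring means by extracting information without knowing the key. The reuse check needs no statistics at all, since XOR cancels the pad outright.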
From: Noob on 27 Jan 2010 09:10

Bruce Stephens wrote:
> If you want software that's not a one-time pad but claims to be as good
> as, why not choose a free one? For example, Adacrypt

Hold on a minute. Are you seriously recommending Adacrypt's snake oil?