Infinite One-Time Pad, is this product BS?
in [Cryptography]
|
Prev: Certificates
Next: Q: Kerchhoffs' principle
From: john on 27 Jan 2010 16:23 On Jan 27, 4:54 pm, Noob <r...(a)127.0.0.1> wrote: > Vanessa wrote: > > "Knowing the exact details"? The person who gave a verdict of > > being a BS to the software does not even know how to use it. > > He does not know what he is talking about at the time he issued > > his comments. Don't you know that you cannot judge a book by > > its cover? So do not call a software a BS if you do not know much > > about it. > > Are you done astroturfing yet ??? --- There are loads of rubbish replies in here "btw if a person is screwed he'll do nothing else than troll, i can't blame him". You seems to know better vanessa, open their locked mind but be careful though otherwise they will gonna tell you that you're insulting them as you're giving advise to the super-intelligent cryptoanalyzers in the whole wide world as they may think they are. I'm wasting my time in here now, I got my own cup of tea to look up to. People in this forum, THANKS FOR YOUR TIME!
From: Richard Herring on 28 Jan 2010 05:10 In message <353e01c1-5dfa-40d6-bbd0-b68614275741(a)m25g2000yqc.googlegroups.com>, john <penetratorv(a)yahoo.com> writes > >> >> Whether it's an "irreversible transformation" is irrelevant. What >> matters is whether the resulting key stream is a random sequence. If it >> isn't, you can extract information about the plaintext *without knowing >> the key*. >> >- Shannon really has been so successful to get a "extremely die hard" >disciple of perfect randomness obscession. I think the obsession lies elsewhere. Like with anyone claiming that a (pseudo-) OTP is "the most advanced cryptography software I've ever seen so far" and "it implements the concept of the true One-Time Pad to �produce a ciphertext that is unbreakable." >You're a legend Shannon! >'fortunately, Shannon didn't setup a his own "religion of perfect >randomness". Right. And most serious practical cryptosystems in use today don't claim to offer perfect secrecy. That's left to the advocates of pseudo-OTP systems, like you. So I guess if there were such a religion, you'd be a good candidate for the job of High Priest. -- Richard Herring
From: rossum on 28 Jan 2010 10:12 On Thu, 28 Jan 2010 10:10:26 +0000, Richard Herring <junk@[127.0.0.1]> wrote: >In message ><353e01c1-5dfa-40d6-bbd0-b68614275741(a)m25g2000yqc.googlegroups.com>, >john <penetratorv(a)yahoo.com> writes >> >>> >>> Whether it's an "irreversible transformation" is irrelevant. What >>> matters is whether the resulting key stream is a random sequence. If it >>> isn't, you can extract information about the plaintext *without knowing >>> the key*. >>> >>- Shannon really has been so successful to get a "extremely die hard" >>disciple of perfect randomness obscession. > >I think the obsession lies elsewhere. Like with anyone claiming that a >(pseudo-) OTP is "the most advanced cryptography software I've ever seen >so far" That might actually be true, perhaps the previously "most advanced cryptography software" he had seen implemented ROT-13. :) >and "it implements the concept of the true One-Time Pad to > produce a ciphertext that is unbreakable." That is of course bullshit. Either it is a One Time Pad, with all the well known advantages and disadvanteges, or it is not. This software is not and the fact that its makers insist on calling it OTP indicate that either they know very little about cryptography or that they are selling snake oil. That was an inclusive 'or'. This software is to be avoided. There is plenty of free software that is more trustworthy than this. rossum > >>You're a legend Shannon! >>'fortunately, Shannon didn't setup a his own "religion of perfect >>randomness". > >Right. And most serious practical cryptosystems in use today don't claim >to offer perfect secrecy. That's left to the advocates of pseudo-OTP >systems, like you. So I guess if there were such a religion, you'd be a >good candidate for the job of High Priest.
From: Vanessa on 28 Jan 2010 13:22 On Jan 28, 5:23 am, john <penetrat...(a)yahoo.com> wrote: > On Jan 27, 4:54 pm, Noob <r...(a)127.0.0.1> wrote: > > > Vanessa wrote: > > > "Knowing the exact details"? The person who gave a verdict of > > > being a BS to the software does not even know how to use it. > > > He does not know what he is talking about at the time he issued > > > his comments. Don't you know that you cannot judge a book by > > > its cover? So do not call a software a BS if you do not know much > > > about it. > > > Are you done astroturfing yet ??? > > --- There are loads of rubbish replies in here "btw if a person is > screwed he'll do nothing else than troll, i can't blame him". > You seems to know better vanessa, open their locked mind but be > careful though otherwise they will gonna tell you that you're > insulting them as you're giving advise to the super-intelligent > cryptoanalyzers in the whole wide world as they may think they are. > I'm wasting my time in here now, I got my own cup of tea to look up > to. People in this forum, THANKS FOR YOUR TIME! Before I leave this forum I want to make my points clear to everybody, Let me discuss again the issue so as the readers will understand why I believe that Infinite One-Time Pad is unbreakable. I will also compare it with the legendary One-Time Pad so you can see the difference. The legendary One-Time Pad uses perfect random key while Infinite One-Time Pad does not require perfect randomness. This is the reason why majority here carelessly gave verdict to the software as B*S*, Snake Oil, Rubbish, etc. Lets examine why the legendary One-Time Pad needs a perfect random key to make it unbreakable. The strength of the legendary OTP lies on the key. If the key is not truly random, the ciphertext could leak information. The information leak is enough for the cryptanalyst to deduce the plain text. For example, if a word on the plain text is known (common words like THE, AND, FOR, etc), the cryptanalyst could play on the key using cryptanalysis techniques until a known word is revealed. This will give the cryptanalyst a clue about how the key is generated. If not perfectly random, say a PRNG is used; the cryptanalyst could try different seeds until he succeeds. If the key is generated by an algorithm, the cipher is compromised once the algorithm is known. This is the problem with the legendary One-Time Pad. Unless the key is truly random, the ciphertext is just like a piece of puzzle to the attacker. If part of the plain text is revealed, other parts becomes easier to deduce. It is clear now why the legendary One-Time Pad requires the key to be truly random. Now, lets examine the Infinite One-Time Pad. Before I proceed, I just want to note that I will be adding Questions for those who are in doubt about the security because Im sure many readers are fanatics of the Perfect Random Theory. Infinite One-Time Pad does not require the key to be truly random. Let me present how the encryption is done according to my knowledge of the software based from the authors article. You may download a copy of the software at http://www.hiddentools.com so you can follow the following steps better. 1. When you click the Encrypt button. The software compresses the plain text in memory to eliminate regularities. After compression, it transforms the compressed text using algorithms. Lets call this the Transformed Text. 2. You will now have the option to select a file you want to use as key. The software extracts the key from this file. The extracted key is filtered and transformed using series of different irreversible algorithms. Lets call this the Transformed Key. (Note: You may type a random key if you do not want to use a key file. In this case the software behaves like the legendary One-Time Pad). 3. The software gives you a chance to modify the Transformed Key. You may insert or replace characters at any location you wish. 4. You can now type the password. Each character of the password re-encodes the transformed key using series of irreversible algorithms. This will eliminate regularities hence it doesnt matter if your key modification is an English word. Let me show you a very simple irreversible transformation. Let say the letter to be transformed is letter A which is equivalent to 65 in decimal. If we add the digits, it becomes 11. Even if we know the sum and the operation used (addition), we are uncertain about the original number (65) because there are so many possibilities. To list them all: 029, 038, 047, 056, 065, 074, 083, 092, 119, 128, 137, 146, 155, 164, 173, 182, 191, 209, 218, 227, 236, and 245. There are 22 possibilities all in all. Somebody commented that if the software is reverse engineered and the algorithms are discovered, the ciphertext will be compromised. Now you can see that it is not since the algorithms are irreversible. Knowing the text and the algorithm used does not lead you to the text prior to transformation. And notice that the key is transformed using series of different irreversible algorithms more complex than what I presented here. The author is aware of this thats why he said If a secret algorithm is used on software, a clever hacker could possibly analyze and derive the algorithm. Secure encryption software therefore must not rely on the secrecy of the methods or algorithms used. http://www.hiddentools.com/io-tp/art2.html. Let's continue. After the transformations due to password, lets now call the transformed key the Final Key. Note that the final key does not contain information about the key modification and the password. If you say otherwise, answer these questions. QUESTION #1: How can you derive the Secret Key Modification? What particular cryptanalytic attack will you use? How? QUESTION #2: How can you determine the password? What particular cryptanalytic attack will you use? How? 5. Finally when you click on Use Key, the Final Key is applied to the Transformed Text in 1. Before answering Questions 1 and 2, notice that the Final Key is no longer visible. What you see now is the ciphertext. This leads to question number 3. QUESTION #3: How can you determine the Final Key? What particular cryptanalytic attack will you use? How? QUESTION #4: How can you deduce the Transformed text from the ciphertext? What particular cryptanalytic attack will you use? How? I hope my points are clear now. Unless you can provide credible answers to the questions above, you have no right of accusing Infinite One-Time Pad as B*S*, Snake Oil, etc. I hope it is apparent that perfect random key is not necessary in the case of Infinite One-Time Pad because the Transformed Text does not leak information. This does not nullify Shannons Perfect Random Key principle. That is still valid in the case of the legendary One-Time Pad. It is important that we understand the underlying reasons. Dont just believe and believe because it came from experts, authorities, books, majority, etc. You must understand the reasons why. In every rule there is an exemption. Im sorry John; I cant help giving advices again. If we confine ourselves on Shannons theory without thinking why, we cannot improve the legendary One-Time Pad. Improvement does not require us to retain all its properties. Dont say again That is not a One-Time Pad therefore that is not unbreakable. As John said, this can be compared to That is not a helicopter therefore it cant fly. You should ask That is not a helicopter, how can it fly? Dont say again That doesnt use a perfect random key therefore it is insecure. This can be compared to That has no propeller therefore it cannot elevate. You should ask HOW? Dont say again That is pseudo One-Time Pad therefore it is not unbreakable, that is Snake Oil, that is a BS, Useless, Pointless, Rubbish To those who are fanatics of the Perfect Random Key theory, its time for you to wake up. Do not act like an elephant. In Shannons time the elephant is still young. The elephant has grown up and now stronger than the rope. Its time to unlock your mind and explore possibilities. We are living in a changing world and evolution does not stop. We are now in the computer age. Pencil and Paper is over. I hope you will take this advice. I wish you good luck.
From: john on 28 Jan 2010 14:28
> > Dont say again That is pseudo One-Time Pad therefore it is not > unbreakable, that is Snake Oil, that is a BS, Useless, Pointless, > Rubbish > > To those who are fanatics of the Perfect Random Key theory, > its time for you to wake up. Do not act like an elephant. > In Shannons time the elephant is still young. The elephant has > grown up and now stronger than the rope. Its time to unlock your > mind and explore possibilities. > > We are living in a changing world and evolution does not stop. > We are now in the computer age. Pencil and Paper is over. > > I hope you will take this advice. I wish you good luck. - Just a quick one dude.. (With all due respect) I believe this message should apply to the "crowd" whether you're 20+ years in programming/computer industry, etc. or authored hundreds of books - doesn't matter as the issue in here is not about history and achievement but justification of the present issue, if you've really got the balls then prove it. I also got more than 20 years of electrical engineering experience in my pocket and every single year of my experience is relevant to my passion. Btw computer age is always changing, your 10 years expertise of cobol, fortran, turbo pascal, etc. might be of very small use - good as newbie in today's advanced programming, so please be open-minded at all times.... |