Infinite One-Time Pad, is this product BS?
in [Cryptography]
|
Prev: Certificates
Next: Q: Kerchhoffs' principle
From: john on 28 Jan 2010 14:51 > Dont say again That is pseudo One-Time Pad therefore it is not > unbreakable, that is Snake Oil, that is a BS, Useless, Pointless, > Rubbish > To those who are fanatics of the Perfect Random Key theory, > its time for you to wake up. Do not act like an elephant. > In Shannons time the elephant is still young. The elephant has > grown up and now stronger than the rope. Its time to unlock your > mind and explore possibilities. > We are living in a changing world and evolution does not stop. > We are now in the computer age. Pencil and Paper is over. > I hope you will take this advice. I wish you good luck. - Just a quick one dude.. (With all due respect) I believe this message should apply to the "crowd" whether you're 20+ years in programming/computer industry, etc. or authored hundreds of books - doesn't matter as the issue in here is not about history and achievement but justification of the present issue, if you've really got the balls then prove that IOTP is weak don't just jump into conclusion that it is rubbish or bs, etc. To make your statement stronger, why not try using it? Just imagining a certain fact is sometimes deceiving or misinformative. I also got more than 20 years of electrical engineering experience in my pocket and every single year of my experience is relevant to my passion. Btw computer age is always changing, your 10 years expertise of cobol, fortran, turbo pascal, etc. might be of very small use - good as newbie in today's advanced programming, so please be open-minded at all times....
From: john on 28 Jan 2010 14:52 > Dont say again That is pseudo One-Time Pad therefore it is not > unbreakable, that is Snake Oil, that is a BS, Useless, Pointless, > Rubbish > To those who are fanatics of the Perfect Random Key theory, > its time for you to wake up. Do not act like an elephant. > In Shannons time the elephant is still young. The elephant has > grown up and now stronger than the rope. Its time to unlock your > mind and explore possibilities. > We are living in a changing world and evolution does not stop. > We are now in the computer age. Pencil and Paper is over. > I hope you will take this advice. I wish you good luck. - Just a quick one dude.. (With all due respect) I believe this message should apply to the "crowd" whether you're 20+ years in programming/computer industry, etc. or authored hundreds of books - doesn't matter as the issue in here is not about history and achievement but justification of the present issue, if you've really got the balls then prove that IOTP is weak don't just jump into conclusion that it is rubbish or bs, etc. To make your statement stronger, why not try using it? Just imagining a certain fact is sometimes deceiving or misinformative. I also got more than 20 years of electrical engineering experience in my pocket and every single year of my experience is relevant to my passion. Btw computer age is always changing, your 10 years expertise of cobol, fortran, turbo pascal, etc. might be of very small use - good as newbie in today's advanced programming, so please be open-minded at all times....
From: Vanessa on 28 Jan 2010 23:52 > > QUESTION #2: How can you determine the password? > > What particular cryptanalytic attack will you use? How? > > Selective brute force, starting with more probable passwords. I say again, the length of the password is not limited. The password is up to the user. If the information is too critical, then he should use a long and strong password. Memorizing a long password is not a problem if you are creative. For example "@~The quick brown fox jumps over the lazy dog - Vanessa472^#". This is easy to memorize yet very long. Again, even if the password is correct if the "Secret Modification" is wrong, it won't decrypt. How can you get the exact word or character used in the modification. How can you get the exact location. How can you determine if it has replaced some characters or simply inserted. Trying all the possibilities will take you forever to decryt the ciphertext. Even though the author did not exposed the actual algorithms the security of the encryption based from the concept is already manifested. I believe on the security not because the author say it is secured.
From: Vanessa on 29 Jan 2010 00:10 > > QUESTION #3: How can you determine the Final Key? > > What particular cryptanalytic attack will you use? How? > > You take the cyphertext, run the same algorithms that the program uses > to decrypt it with your tentative password, until it results on a good > plaintext. You can do such desperate attack on any cryptosystem as well. Unfortunately, in Infinite One-Time Pad, that is hopeless if you do not know the other protections (Secret File, Secret Modification, Secret Code). You might be able to Brute Force the password of other cryptosystems but not in IO-TP.
From: john on 29 Jan 2010 01:35
On Jan 29, 5:10 am, Vanessa <vanessavertu...(a)yahoo.com> wrote: > > > QUESTION #3: How can you determine the Final Key? > > > What particular cryptanalytic attack will you use? How? > > > You take the cyphertext, run the same algorithms that the program uses > > to decrypt it with your tentative password, until it results on a good > > plaintext. > > You can do such desperate attack on any cryptosystem > as well. Unfortunately, in Infinite One-Time Pad, that is > hopeless if you do not know the other protections (Secret File, > Secret Modification, Secret Code). > > You might be able to Brute Force the password of other > cryptosystems but not in IO-TP. - That's why dude, with my years of experience securing design data I found the software simply the best and is very handy and easy to use - I've never had trouble using it. You're right, password is not difficult to fabricate and memorize, I don't know about Paulo maybe he struggled to memorize the "quick brown fox dah dah dah......". Ask a college junior and he'll tell you the resistor colour codes via "Bad Boys R*ped Old....." and a school boy telling you the colour of a rainbow "Richard Of York Goes Battling.....". Frankly, some encryption software around specially the well exposed open-sources and other free softwares are just absolute shites,... you really just get what you pay for (sorry I'm not paid to advertise but that is a reality). As a normal user, you don't need to become Alan Turing to use encryption software otherwise years of cryptology training should be provided to users prior to their use of encryption softwares - and we all know that this procedure is an absolute bullshit. The integrity of a software can be at least be judged by just knowing how it works, the security flowchart, etc. otherwise only Paulo and company are allowed to use such encryption software which is obviously unfair to everyone including ME. |