Infinite One-Time Pad, is this product BS?
in [Cryptography]
|
Prev: Certificates
Next: Q: Kerchhoffs' principle
From: john on 29 Jan 2010 01:43 On Jan 29, 5:10 am, Vanessa <vanessavertu...(a)yahoo.com> wrote: > > You can do such desperate attack on any cryptosystem > as well. Unfortunately, in Infinite One-Time Pad, that is > hopeless if you do not know the other protections (Secret File, > Secret Modification, Secret Code). > > You might be able to Brute Force the password of other > cryptosystems but not in IO-TP. - That's why dude, with my years of experience securing design data I found the software simply the best and is very handy and easy to use - I've never had trouble using it. You're right, password is not difficult to fabricate and memorize, I don't know about Paulo maybe he struggled to memorize the "quick brown fox dah dah dah......". Ask a highschooler and he'll tell you the resistor colour codes via "Bad Boys R*ped Old....." and a school boy telling you the colour of a rainbow "Richard Of York Goes Battling.....". Frankly, some encryption software around specially the well exposed open-sources and other free softwares are just absolute shites,... As a normal user, you don't need to become Alan Turing to use encryption software otherwise years of cryptology training should be provided to users prior to their use of encryption softwares - and we all know that this procedure is by all means an absolute bullshit. The integrity of a software can at least be judged by just knowing how it works, the security flowchart, etc. otherwise only Paulo and his company (after series of scrutinies) are allowed to use such encryption software which is obviously unfair to everyone including ME.
From: Jeroen Belleman on 29 Jan 2010 04:16 Vanessa wrote: > [...] > Let me discuss again the issue so as the readers will understand why > I believe that Infinite One-Time Pad is unbreakable. I will also > compare > it with the legendary One-Time Pad so you can see the difference. > > The legendary One-Time Pad uses perfect random key while Infinite > One-Time Pad does not require perfect randomness. There is no need to create new terminology or add qualifications: The OTP uses a random key, of equal size to the plain text, once, by definition. Anything else is *not* a OTP. That's what makes it unbreakable. Knowledge of an arbitrary fraction of the key stream will tell you nothing about other parts of the key stream. [...] Deleted description of key transformations. > 5. Finally when you click on �Use Key�, the �Final Key� is applied > to the �Transformed Text� in 1. Any cryptographer worth his salt won't even bother to try and find the original password and whatever you did to transform it. Only the final key would be of interest. > QUESTION #3: How can you determine the �Final Key�? > What particular cryptanalytic attack will you use? How? > > QUESTION #4: How can you deduce the �Transformed text� from > the ciphertext? What particular cryptanalytic attack will you use? Well, we have the software, so the algorithm is no secret. An obvious first approach is to reverse-engineer the algorithm to find out how the final key is used to encrypt the plain text. A known plain text attack, and analysis of how small changes in the plain text propagate in the cipher text would expose periodicities and statistical bias. Professional cryptographers have many other tricks up their sleeves. I have no incentive to actually do this. My inability to break your product would prove nothing. I'm only an amateur. Jeroen Belleman
From: Richard Herring on 29 Jan 2010 06:09 In message <5421171c-f6af-40f1-95af-4876a16ce8cf(a)m35g2000prh.googlegroups.com>, Vanessa <vanessavertudez(a)yahoo.com> writes >> > QUESTION #3: How can you determine the “Final Key”? >> > What particular cryptanalytic attack will you use? How? >> >> You take the cyphertext, run the same algorithms that the program uses >> to decrypt it with your tentative password, until it results on a good >> plaintext. > >You can do such desperate attack on any cryptosystem >as well. Unfortunately, in Infinite One-Time Pad, that is >hopeless if you do not know the other protections (Secret File, >Secret Modification, Secret Code). > >You might be able to Brute Force the password of other >cryptosystems but not in IO-TP. OK, a simple question for you: is the key (i.e. the "password" plus the identity of the "Secret File", the "Secret Modification" and the "Secret Code") as long as the plaintext? Yes or no? -- Richard Herring
From: Richard Herring on 29 Jan 2010 06:15 In message <4b0c0644-0405-44ef-93cf-ef2dde96e1a0(a)m25g2000yqc.googlegroups.com>, john <penetratorv(a)yahoo.com> writes >To make your statement >stronger, why not try using it? Because, as others have pointed out, merely using a cryptographic black box doesn't give any useful information about its strength. PS Posting your messages three times doesn't increase their credibility. Nor do unsubstantiated claims of vast experience. -- Richard Herring
From: Vanessa on 29 Jan 2010 07:16
On Jan 29, 5:16 pm, Jeroen Belleman <jer...(a)nospam.please> wrote: > Vanessa wrote: > > [...] > > Let me discuss again the issue so as the readers will understand why > > I believe that Infinite One-Time Pad is unbreakable. I will also > > compare > > it with the legendary One-Time Pad so you can see the difference. > > > The legendary One-Time Pad uses perfect random key while Infinite > > One-Time Pad does not require perfect randomness. > > There is no need to create new terminology or add qualifications: > The OTP uses a random key, of equal size to the plain text, once, > by definition. Anything else is *not* a OTP. That's what makes it > unbreakable. Knowledge of an arbitrary fraction of the key stream > will tell you nothing about other parts of the key stream. > > [...] Deleted description of key transformations. > > > 5. Finally when you click on Use Key, the Final Key is applied > > to the Transformed Text in 1. > > Any cryptographer worth his salt won't even bother to try and find > the original password and whatever you did to transform it. Only > the final key would be of interest. Even if the key is correct if the password is wrong, it won't decrypt. That's how secure Infinite One-Time Pad. To prove this, try to encrypt a plain text, use a secret file then type a password. Copy the resulting key. Click "Use Key" to apply the key. Then Try to decrypt by pasting the copied key without typing any password. > > > QUESTION #3: How can you determine the Final Key? > > What particular cryptanalytic attack will you use? How? > > > QUESTION #4: How can you deduce the Transformed text from > > the ciphertext? What particular cryptanalytic attack will you use? > > Well, we have the software, so the algorithm is no secret. > An obvious first approach is to reverse-engineer the algorithm > to find out how the final key is used to encrypt the plain text. > A known plain text attack, and analysis of how small changes in the > plain text propagate in the cipher text would expose periodicities > and statistical bias. Professional cryptographers have many other > tricks up their sleeves. "Known Plain Text Attack" is of no use since you are uncovering the "Transformed Text" not the Plain Text. > > I have no incentive to actually do this. My inability to break > your product would prove nothing. I'm only an amateur. > > Jeroen Belleman We are only discussing here how. Any possible attack is welcome for study. |