From: Vanessa on
On Jan 29, 7:09 pm, Richard Herring <junk@[127.0.0.1]> wrote:
> In message
> <5421171c-f6af-40f1-95af-4876a16ce...(a)m35g2000prh.googlegroups.com>,
> Vanessa <vanessavertu...(a)yahoo.com> writes
>
> >> > QUESTION #3: How can you determine the “Final Key”?
> >> > What particular cryptanalytic attack will you use? How?
>
> >> You take the cyphertext, run the same algorithms that the program uses
> >> to decrypt it with your tentative password, until it results in a good
> >> plaintext.
>
> >You can do such a desperate attack on any cryptosystem
> >as well. Unfortunately, in Infinite One-Time Pad, that is
> >hopeless if you do not know the other protections (Secret File,
> >Secret Modification, Secret Code).
>
> >You might be able to Brute Force the password of other
> >cryptosystems but not in IO-TP.
>
> OK, a simple question for you: is the key (i.e. the "password" plus the
> identity of the "Secret File", the "Secret Modification" and the "Secret
> Code") as long as the plaintext? Yes or no?
>
> --
> Richard Herring

The Plain Text changes in length after compression and transformation.
The Key is as long as the Transformed Text. You will be attacking the
Transformed Text not the Plain Text. Password, Modification, Secret Code
could be any length.
From: Richard Herring on
In message
<1c8e13fc-1ffb-4d34-8076-fc710364b8bc(a)z10g2000prh.googlegroups.com>,
Vanessa <vanessavertudez(a)yahoo.com> writes
>On Jan 29, 7:09 pm, Richard Herring <junk@[127.0.0.1]> wrote:
>> In message
>> <5421171c-f6af-40f1-95af-4876a16ce...(a)m35g2000prh.googlegroups.com>,
>> Vanessa <vanessavertu...(a)yahoo.com> writes
>>
>> >> > QUESTION #3: How can you determine the “Final Key”?
>> >> > What particular cryptanalytic attack will you use? How?
>>
>> >> You take the cyphertext, run the same algorithms that the program uses
>> >> to decrypt it with your tentative password, until it results in a good
>> >> plaintext.
>>
>> >You can do such a desperate attack on any cryptosystem
>> >as well. Unfortunately, in Infinite One-Time Pad, that is
>> >hopeless if you do not know the other protections (Secret File,
>> >Secret Modification, Secret Code).
>>
>> >You might be able to Brute Force the password of other
>> >cryptosystems but not in IO-TP.
>>
>> OK, a simple question for you: is the key (i.e. the "password" plus the
>> identity of the "Secret File", the "Secret Modification" and the "Secret
>> Code") as long as the plaintext? Yes or no?
>>
>
>The Plain Text changes in length after compression and transformation.

Not relevant.

>The Key is as long as the Transformed Text.

I think you misunderstood. The key _stream_ of a stream cipher is
necessarily as long as the text it enciphers. I'm asking about the total
length of the secret information that the user has to remember.

>You will be attacking the
>Transformed Text not the Plain Text. Password, Modification, Secret Code
>could be any length.

So it's not required to be as long as the plaintext?

--
Richard Herring
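
The distinction drawn in the post above, between the key stream and the secret the user has to remember, shown as an added example that is not part of the thread and not IO-TP's code: it counts how many plaintexts remain consistent with one ciphertext when the key stream is expanded from a short secret, against a true one-time pad. The SHA-256 counter-mode expansion, the 2-byte secret and the sample messages are assumptions constructed for illustration.

```python
import hashlib
from itertools import product

def keystream(secret: bytes, n: int) -> bytes:
    """Expand a short secret into n key-stream bytes (SHA-256 in counter mode).
    Assumed construction for illustration only; it is not IO-TP's algorithm."""
    out = b""
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(secret + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]

def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(secret: bytes, plaintext: bytes) -> bytes:
    # The key stream is as long as the text, but it is a function of `secret`.
    return xor_bytes(plaintext, keystream(secret, len(plaintext)))

def consistent_plaintexts(ciphertext: bytes, secret_len: int) -> set:
    """Every plaintext the ciphertext could stand for when the key stream is
    derived from a secret of secret_len bytes: at most 256**secret_len of them."""
    n = len(ciphertext)
    return {xor_bytes(ciphertext, keystream(bytes(s), n))
            for s in product(range(256), repeat=secret_len)}

def otp_pad_for(ciphertext: bytes, candidate: bytes) -> bytes:
    """With a true one-time pad (uniformly random, as long as the text), some
    pad maps the ciphertext to ANY candidate plaintext of the same length."""
    return xor_bytes(ciphertext, candidate)

if __name__ == "__main__":
    message = b"MEET"        # constructed 4-byte sample message
    secret = b"\x13\x37"     # constructed 2-byte secret
    ct = encrypt(secret, message)
    short = consistent_plaintexts(ct, len(secret))
    print("derived key stream:", len(short), "of", 256 ** len(ct),
          "plaintexts remain possible")
    other = b"STAY"          # constructed alternative message
    print("one-time pad      :", xor_bytes(ct, otp_pad_for(ct, other)),
          "is exactly as possible as", message)
```

The ciphertext rules out almost every message in the first case and none in the second, which is why the total length of the secret, not the length of the key stream, decides whether the one-time-pad guarantee applies.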
From: Jeroen Belleman on
Vanessa wrote:
> On Jan 29, 5:16 pm, Jeroen Belleman <jer...(a)nospam.please> wrote:
>> Any cryptographer worth his salt won't even bother to try and find
>> the original password and whatever you did to transform it. Only
>> the final key would be of interest.
>
> Even if the key is correct if the password is wrong, it won't
> decrypt.

That merely means that what you call 'the key' is incomplete. That
has nothing to do with the security of the method.

> "Known Plain Text Attack" is of no use since you are uncovering
> the "Transformed Text" not the Plain Text.

OK, let's assume I've hacked your software to substitute a "Transformed
Text" of my choice. Surely you do not pretend the transformation
plain text -> transformed text or its reverse is secure too?

Jeroen Belleman
From: Vanessa on
On Jan 29, 9:51 pm, Jeroen Belleman <jer...(a)nospam.please> wrote:
> Vanessa wrote:
> > On Jan 29, 5:16 pm, Jeroen Belleman <jer...(a)nospam.please> wrote:
> >> Any cryptographer worth his salt won't even bother to try and find
> >> the original password and whatever you did to transform it. Only
> >> the final key would be of interest.
>
> > Even if the key is correct if the password is wrong, it won't
> > decrypt.
>
> That merely means that what you call 'the key' is incomplete. That
> has nothing to do with the security of the method.
>

The key and the password must be correct. If one is wrong, it
won't decrypt.


> > "Known Plain Text Attack" is of no use since you are uncovering
> > the "Transformed Text" not the Plain Text.
>
> OK, let's assume I've hacked your software to substitute a "Transformed
> Text" of my choice. Surely you do not pretend the transformation
> plain text -> transformed text or its reverse is secure too?
>
> Jeroen Belleman

Sorry, I cannot get your point here. I think it is better to download the
software to understand how it works before asking questions.
From: Bruce Stephens on
Vanessa <vanessavertudez(a)yahoo.com> writes:

[...]

> The Plain Text changes in length after compression and transformation.

Other systems (such as GnuPG) also perform compression before encryption
(by default), so that's normal.

This "transformation" idea seems useless. If it varies (using some key)
then it's just part of the encryption. If it's fixed by the software
then you should assume that an attacker knows what it is, so it's
useless.

> The Key is as long as the Transformed Text. You will be attacking the
> Transformed Text not the Plain Text. Password, Modification, Secret
> Code could be any length.

Sounds like an unnecessarily complex system. Surely it's much safer
either to use OTP or to use AES. By all means add compression, too (as
most systems do, in practice), and you probably want to add in
authentication. So reasonable advice would be (as everyone has said),
use OpenPGP (implemented as GnuPG, probably). It's free, well-studied,
well-regarded.