Infinite One-Time Pad, is this product BS?
in [Cryptography]
|
Prev: Certificates
Next: Q: Kerchhoffs' principle
From: Richard Herring on 29 Jan 2010 11:13 In message <hjus1u$omp$1(a)speranza.aioe.org>, Jeroen Belleman <jeroen(a)nospam.please> writes >Vanessa wrote: >> The key and the password must be correct. If one is wrong, it >> won't decrypt. > >So the key depends on the password by means of your famous >transformations and you *still* need the password and the key >together to transcrypt. Sounds pretty redundant. Redundancy is >bad in cryptography. > >Anyway, you should realize that anyone sufficiently interested >in your data can pick apart your algorithms. Therefore, security >depends entirely on the entropy of the key stream. From what you >told us previously, it looks like all these transformations >destroy a sizable amount of this entropy. If the "Secret Transformation" is badly chosen, it may destroy _all_ of it ;-) See Knuth's "super-random" generator I cited earlier. -- Richard Herring
From: john on 29 Jan 2010 11:22 > > BTW, you keep saying: "just download the software and try it out". Do > you have any idea of the risks you take when you download a random piece > of software from the internet and run it on your computer? How can you > be sure that the software is not a Trojan that opens a backdoor to your > computer to make it become part of a bot-net? Yes, I could try it on a > virtual machine, snapshotted and isolated from the network, but I > haven't seen a single argument that makes me believe that it is worth > the trouble... > > -- > Paulo Marques -www.grupopie.com That's the biggest hole I found in you dude. That shows you've no idea AT ALL about the software and yet you argue like you've been using the product for ages - resulting to confusions, senseless reasons, and a merry go round discussion. I can't blame Vanessa if she feels that the discussion is going nowhere let alone a waste of time as most people in here are applying their treasured principles to a wrong item. - To be honest with you lads, Nobody is forcing you to use the unbreakable Infinite One-Time Pad but judging it without even using it is undoubtedly WRONG! It's unbelievable! If you don't want to use it because you're scared of trojan, spywares, etc. and you believe that it's not worth a try then you have NO RIGHT to call it a BS, simply get your a*se out of it and if you do want to call it a BS, you should know its A-Z, use it,and produce a credible reason. People should be careful in giving verdicts to a PARTICULAR item specially in a public forum like this. If the name One Time Pad is the issue well, this software is not the legendary One Time Pad, its the INFINITE One Time Pad produced in 2009 using the latest technology!
From: Paulo Marques on 29 Jan 2010 11:32 john wrote: >> BTW, you keep saying: "just download the software and try it out". Do >> you have any idea of the risks you take when you download a random piece >> of software from the internet and run it on your computer? How can you >> be sure that the software is not a Trojan that opens a backdoor to your >> computer to make it become part of a bot-net? Yes, I could try it on a >> virtual machine, snapshotted and isolated from the network, but I >> haven't seen a single argument that makes me believe that it is worth >> the trouble... > > That's the biggest hole I found in you dude. That shows you've no idea > AT ALL about the software and yet you argue like you've been using the > product for ages - resulting to confusions, senseless reasons, and a > merry go round discussion. I explained how GnuPG works in 3 simple paragraphs without having to ask you to download and try it out. If you can't do the same with IOTP, then that's a clear sign of a ill-devised cryptographic software. This thread as been the telephonic equivalent of: john - "look at these nice TalkThing2000 that you can connect with a wire to a central and talk with other people. You just mark their number and you listen on the listening thing. This is the best thing since sliced bread! The company the sells them say they are great!" sci.crypt - "err... did you ear about cell phones?" john - "cell phones are a thing of the past. you need to recharge them in order for them to work! you must get in sync with the latest advances" sci.crypt - "you can carry cell phones with you, and you can't carry local line phones" john - "dude, how can you say bad things about TalkThing2000 without even trying them out?" sci.crypt - "err... ok, I give up.... :(" -- Paulo Marques - www.grupopie.com "Measure with laser, mark with chalk, cut with chainsaw."
From: john on 29 Jan 2010 12:13 On Jan 29, 4:32 pm, Paulo Marques <pmarq...(a)grupopie.com> wrote: > john wrote: > >> BTW, you keep saying: "just download the software and try it out". Do > >> you have any idea of the risks you take when you download a random piece > >> of software from the internet and run it on your computer? How can you > >> be sure that the software is not a Trojan that opens a backdoor to your > >> computer to make it become part of a bot-net? Yes, I could try it on a > >> virtual machine, snapshotted and isolated from the network, but I > >> haven't seen a single argument that makes me believe that it is worth > >> the trouble... > > > That's the biggest hole I found in you dude. That shows you've no idea > > AT ALL about the software and yet you argue like you've been using the > > product for ages - resulting to confusions, senseless reasons, and a > > merry go round discussion. > > I explained how GnuPG works in 3 simple paragraphs without having to ask > you to download and try it out. If you can't do the same with IOTP, then > that's a clear sign of a ill-devised cryptographic software. > > This thread as been the telephonic equivalent of: > > john - "look at these nice TalkThing2000 that you can connect with a > wire to a central and talk with other people. You just mark their number > and you listen on the listening thing. This is the best thing since > sliced bread! The company the sells them say they are great!" > > sci.crypt - "err... did you ear about cell phones?" > > john - "cell phones are a thing of the past. you need to recharge them > in order for them to work! you must get in sync with the latest advances" > > sci.crypt - "you can carry cell phones with you, and you can't carry > local line phones" > > john - "dude, how can you say bad things about TalkThing2000 without > even trying them out?" > > sci.crypt - "err... ok, I give up.... :(" > > -- > Paulo Marques -www.grupopie.com > > "Measure with laser, mark with chalk, cut with chainsaw." - That's a very nice example dude, I like it - funny that... however, it is so simple enought to match the complex situation we're in that's the reason why confusion is all around us at the moment and the discussion is just goin' nowhere. In engineering works, you don't stay in the office all the time, you need to go out, get into the machines/ equipment, make thorough examination to produce accurate data. There are things that written description (+imagination) is not just enough to thoroughly understand them (esp. processes) yet you can easily understand them (processes) when you actually see them in action.
From: Paulo Marques on 29 Jan 2010 12:28
john wrote: > [...] > - That's a very nice example dude, I like it - funny that... however, > it is so simple enought to match the complex situation we're in that's > the reason why confusion is all around us at the moment and the > discussion is just goin' nowhere. In engineering works, you don't stay > in the office all the time, you need to go out, get into the machines/ > equipment, make thorough examination to produce accurate data. There > are things that written description (+imagination) is not just enough > to thoroughly understand them (esp. processes) yet you can easily > understand them (processes) when you actually see them in action. Let me put this another way: _you_ say that IOTP is very secure. To be able to say something like that _you_ must know exactly how it works. If you don't know how it works, you can not argue that it is secure. If you do know, then you can explain to us why it is secure without us having to go and try it out. -- Paulo Marques - www.grupopie.com "All generalizations are false." |