Infinite One-Time Pad, is this product BS?
in [Cryptography]
|
Prev: Certificates
Next: Q: Kerchhoffs' principle
From: Richard Outerbridge on 4 Jan 2010 19:04 In article <slrnhk4jvh.ej1.unruh(a)wormhole.physics.ubc.ca>, unruh <unruh(a)wormhole.physics.ubc.ca> wrote: > Why couldn't a horse be a jet fighter? There is a definition of a one > time pad, and it is what is provably unbreakable. What you describe is > NOT unbreakable in theory. It may be hard to break and may be a good > practical cypher, but it is not a one time pad and is not unbreakable. You are absolutely correct. My bad. outer
From: Earl_Colby_Pottinger on 6 Jan 2010 14:40 Another problem I think I see, if the attacker somehow got a copy of all the files on your system (off-site backups, break and enter then copying your hard drive, maybe even just a directory dump if he knew the source of your original files (internet anyone), outside monitoring of larger downloads) then your software is only protected by the strenght of your password! Considering that people who would usually fall for this type of hype will probably not use strong (large) passwords, a simple brute force search may be very fast. And this assumes the password hashing part of the code is good. If it is not then a lot of possible passwords will collide and the searching for a useful password will be even faster. Earl Colby Pottinger
From: Mok-Kong Shen on 6 Jan 2010 16:18 unruh wrote: > Why couldn't a horse be a jet fighter? There is a definition of a one > time pad, and it is what is provably unbreakable. What you describe is > NOT unbreakable in theory. It may be hard to break and may be a good > practical cypher, but it is not a one time pad and is not unbreakable. Unbreakable cipher (in the "absolute" sense) is in my humble view like the status of God. One could perhaps hope to achieve that but it is "practically" unachievable. Another analogy is the summation of a convergent series, where the theoretical limit could be approached but never exactly reached in the computing process. So why not be practical in mind and set for oneself some reasonalbe and a little bit more humble goal in "practical" encryption? M. K. Shen
From: unruh on 6 Jan 2010 19:48 On 2010-01-06, Mok-Kong Shen <mok-kong.shen(a)t-online.de> wrote: > unruh wrote: > >> Why couldn't a horse be a jet fighter? There is a definition of a one >> time pad, and it is what is provably unbreakable. What you describe is >> NOT unbreakable in theory. It may be hard to break and may be a good >> practical cypher, but it is not a one time pad and is not unbreakable. > > Unbreakable cipher (in the "absolute" sense) is in my humble view like > the status of God. One could perhaps hope to achieve that but it is > "practically" unachievable. Another analogy is the summation of a No. A one time pad is provably unbreakable (simply because any cleartext of the same size can be obtained from any encrypted text with the right key). It is not "proactially unachievable. It is relativel y easy to achieve. the problem is the key-- it can never be reused and you have to find some way of transproting the key to the recipient, and the key has to be at least as large as the message. Those are real problems, and are why the OTP is not used. > convergent series, where the theoretical limit could be approached but > never exactly reached in the computing process. So why not be practical > in mind and set for oneself some reasonalbe and a little bit more humble > goal in "practical" encryption? Of course. But that is not a one time pad and is not unbreakable. It may be useful, it may be far more useful than a OTP, but it is not a OTP and is not theoretically unbreakable.
From: adacrypt on 7 Jan 2010 09:14
On Jan 4, 1:25 am, Ohm <O...(a)no.no> wrote: > I was searching for real One Time Pad encryption software and I came > across this product called Infinite One-Time Pad (IO-TP). > > I have been reading their FAQ and it sounds like a load of BS, but > I wanted a confirmation from someone who understands how this stuff > works. > > I will post some of their FAQ here so there is no need to visit > their website. > > ------------------------ > Infinite One-Time Pad (IO-TP)http://www.hiddentools.com/io-tp/ > > Infinite One-Time Pad (IO-TP) is super secure text encryption and > decryption software. It implements the concept of the true One-Time Pad to > produce a ciphertext that is unbreakable. This software solves the problem > of key distribution and random key generation. > > Instead of using a perfect random key, the key material is obtained from > any file of your choice. An image file of size 300 KB (jpg) for example is > more than enough for most messages. Infinite One-Time Pad uses series of > different irreversible algorithms to transform the extracted key. The > calculations cannot be reversed and the transformed key has high > unpredictability similar to a perfect random key. The transformation > depends on the secret code and the password used. Infinite number of keys > can be generated from a single key file by using different passwords. This > is why it is called Infinite One-Time Pad. It has the strength of the True > One-Time Pad and yet, easier to use and implement. > > FAQ > > Main Features: > > Unbreakable Encryption - Text encrypted with Infinite One Time Pad is > invulnerable to cryptanalytic attacks. > > Built-in Authentication System - You have the option to include origin > data such as IP Address, Document Hash Code, Encryption Date, and more. > The selected data will be encrypted automatically together with the text > and will be used to verify the authenticity of the ciphertext. > > Hexadecimal and Base64 Encoding - The cipher text format can be either > hexadecimal or base64. These formats are printable and can be delivered > via e-mail. > > There are 5 protections available. Those in red font are under your > control. > > Compression - The plain text is compressed in memory to eliminate > regularities. This eliminates patterns in the frequency of the occurrence > of a specific character in the text. > > Secret Key File - You can use any file as a source of key material. The > software extracts the non-redundant characters and applies irreversible > algorithms to produce a unique key with high entropy that is equal in > length with the compressed text. > > Secret Code - You can create a new secret code so that the software will > use this value every time you encrypt a text. The secret code is used to > transform the input text and the key. Every single character of the secret > code is used in the transformation. The number of transformations is equal > to the length of the secret code. > > Key Modification - You can insert words or characters to the key for > additional protection. > > Password - The password transforms the input text and the key. Every > single character of the password is used in the transformation. The number > of transformations is equal to the length of the password. > > FAQ 2 > > Perfect randomness is often viewed as a stringent requirement to attain > perfect secrecy. This is true in the case of One-Time Pad. > > To attain Shannon Security, a key should be perfectly unpredictable random > data. Perfect randomness is applicable to the True One-Time Pad simply > because the key is directly applied with the plain text hence it is > vulnerable to cryptanalytic attacks. If the key material is not truly > random, the ciphertext could leak information and the message could be > deduced eventually. > > Perfect randomness cannot be attained using Pseudo Random Generators > (PRNG's) or any algorithms. The output could appear random but the > security only lies with the seed of the PRNG which could be subjected to > exhaustive attacks. If a secret algorithm is used on software, a clever > hacker could possibly analyze and derive the algorithm. Secure encryption > software therefore must not rely on the secrecy of the methods or > algorithms used. > > Absolute randomness is not the only key to perfect secrecy. Belief to the > contrary is a delusion. > > Infinite One-Time Pad implements the use of any file as a source of key > material. To generate a key with unpredictable data from a key file, the > algorithm must be irreversible. Cryptanalysts must not be able to > determine the original key even if both the algorithm and the transformed > key are known. If this is met, even a simple text file could be used as a > source of secure key material. > > Infinite One-Time Pad works on both the key and the plain text to produce > a ciphertext that cannot be analyzed. The plain text is compressed and > transformed. The key is also transformed using series of different > irreversible algorithms. The compression information is already lost and > cannot be recovered from the ciphertext. > > The attacker must provide the exact key or else it will fail to > decompress. It is impossible for an attacker to reconstruct the exact key > by any means. Ciphertext generated using Infinite One-Time Pad does not > leak information hence; perfect randomness is not a stringent requirement.. > The key transformed using the irreversible algorithms has high > unpredictability. Moreover, if password protection is used, the ciphertext > cannot be broken by brute force. If the password is wrong, it will fail to > decompress even if the key is correct. > > (Further information athttp://www.hiddentools.com/io-tp/) Hi, There is a modernised One-Time Pad cipher called ASCII_Pad on my website that you might find interesting - I can demonstrate true randomness on keys up to 14250 characters long => that message length - see "principles of Modernising the OTp" also on the same website" also - Cheers - adacrypt |