From: unruh on 30 Jan 2010 17:44

On 2010-01-30, rossum <rossum48(a)coldmail.com> wrote:
> On Sat, 30 Jan 2010 02:55:48 -0800 (PST), john <penetratorv(a)yahoo.com>
> wrote:
>
>>On Jan 30, 10:14 am, rossum <rossu...(a)coldmail.com> wrote:
>>> On Fri, 29 Jan 2010 21:43:34 -0800 (PST), john <penetrat...(a)yahoo.com>
>>> wrote:
>>>
>>> >If by design it requires 10000
>>> >SHA-256 in sequence to validate the password to ensure security, do
>>> >not use this as a measure.
>>>
>>> Your lack of cryptographic knowledge is showing. This technique is
>>> called "stretching" and is used to slow down brute force attacks.
>>>
>>> rossum
>>
>>- Whatever you call that dude, it won't bother me at all, you can
>>copy-paste all your cryptographical terms here, it's free. I rather don't
>>go off-topic or repeat things over and over again just to show to the
>>world that I'm an expert of SHA-0, SHA-1, 256, 384, 512 huh! You can
>>go over the past posts to see how a brute force attack is just not
>>enough to break the iotp.
>>
>>John Springfield
> Your ignorance of the purpose of cryptographic stretching is noted.
> Such ignorance only confirms that your advice on the quality of
> cryptographic software is worth precisely what we are paying for it.

I disagree. Someone might listen to him, in which case it is worth large
negative values.

>
> rossum

From: Richard Herring on 1 Feb 2010 05:38

In message <d295061d-8c58-477b-9696-9a13466a9762(a)22g2000yqr.googlegroups.com>, john <penetratorv(a)yahoo.com> writes
>>
>> >The Plain Text changes in length after compression and transformation.
>>
>> Not relevant.
>>
>- Of course it's relevant dude, that denies the classic unicity
>distance theory.

Really? You think compressing the plaintext changes its entropy? Care to
give a worked example?

>>
>> >You will be attacking the
>> >Transformed Text not the Plain Text. Password, Modification, Secret
>> >Code
>> >could be any length.
>>
>> So it's not required to be as long as the plaintext?
>
>- Certainly dude, if it is then that's classic, if it isn't then
>that's IOTP.
>

Then by definition "IOTP" does not possess perfect secrecy. Since the only
compelling reason for using a true OTP is its provable perfect secrecy,
"IOTP" lacks the one property that would justify any "OTP-like" claims,
and clearly should be renamed "I" to avoid confusion.

-- 
Richard Herring
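
Added example, not part of the thread: the perfect-secrecy point in the reply above can be checked by enumeration on a 2-byte message. The `expand` function is a hypothetical stand-in for any scheme that stretches a short secret into a pad; it is not the "IOTP" algorithm, which the thread does not describe.

```python
import hashlib
from itertools import product

MSG_LEN = 2  # bytes, so the message space holds 256**2 = 65536 plaintexts


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def expand(short_key: bytes, n: int) -> bytes:
    """Hypothetical expansion: stretch a short key into an n-byte pad (assumption)."""
    return hashlib.sha256(short_key).digest()[:n]


def candidate_plaintexts(ciphertext: bytes, key_len: int, expanded: bool) -> set:
    """Every plaintext that some key of key_len bytes maps this ciphertext to."""
    out = set()
    for k in product(range(256), repeat=key_len):
        key = bytes(k)
        pad = expand(key, len(ciphertext)) if expanded else key
        out.add(xor(ciphertext, pad))
    return out


def demo():
    ciphertext = bytes.fromhex("a55a")  # constructed sample ciphertext
    # True one-time pad: the key is as long as the message, used directly.
    otp = candidate_plaintexts(ciphertext, MSG_LEN, expanded=False)
    # Short secret (1 byte) stretched to message length.
    short = candidate_plaintexts(ciphertext, 1, expanded=True)
    return len(otp), len(short)


if __name__ == "__main__":
    n_otp, n_short = demo()
    total = 256 ** MSG_LEN
    print(f"true OTP:      {n_otp} of {total} plaintexts remain possible")
    print(f"stretched key: {n_short} of {total} plaintexts remain possible")
```

With the full-length key every plaintext stays equally consistent with the ciphertext, so the ciphertext reveals nothing. With the stretched 1-byte key at most 256 plaintexts remain, so the ciphertext alone rules out almost all of the message space, which is exactly the loss of perfect secrecy.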