Infinite One-Time Pad, is this product BS?
in [Cryptography]
|
Prev: Certificates
Next: Q: Kerchhoffs' principle
From: Paulo Marques on 26 Jan 2010 11:35 vanessavertudez(a)yahoo.com wrote: > On Jan 26, 11:59 pm, vanessavertu...(a)yahoo.com wrote: >> On Jan 26, 11:04 pm, Paulo Marques <pmarq...(a)grupopie.com> wrote: >>> "'thinking outside the box' works better if I know what's inside the box." >> There are cases where you don't need to see what's inside the box. >> For example, it is plane to see that SR-71 Blackbird is faster than >> Boeing X-43. >> Do we still need to see the components used, designs, etc to believe >> it is. >> Sometimes, logical judgement is enough. Digging the internals is just >> a secondary. That was just a signature that my email client selected at random. I left it intact, because it sort of fitted the thread. In your own example: yes, you can see that the plane is faster, but you can't really see why. So knowing what's inside really works _better_. > As I understand, John based his judgement of the matter on the > logical point of view. I also tried the software Infinite One-Time Pad > and logically, it is unbreakable. And a lot of people have explained why is logic is flawed, but is replies to that have been similar to: "you know dude, "unicity distance" is dead dude, and that algebra and mathematics are soooo square dude, you need to understand the new extreme programming concepts that go beyond mathematics, dude... oh yeah, and some files are really big, dude" Now listen to that and tell me if you don't see a bong in there somewhere? ;) -- Paulo Marques - www.grupopie.com "Who is general Failure and why is he reading my disk?"
From: Richard Herring on 26 Jan 2010 11:34 In message <477ebf49-6d2f-4477-84b4-c192c5f4d4eb(a)b10g2000yqa.googlegroups.com>, john <penetratorv(a)yahoo.com> writes >Richard, before I forget ---- "It seems that you are already >captivated with Shannon's Principle. Hey, it's *your* favourite crypto program that claims to rely on Shannon: "Infinite One-Time Pad (IO-TP) is super secure text encryption and decryption software. It implements the concept of the true One-Time Pad to produce a ciphertext that is unbreakable." [...]. > It's time to free yourself dude! >Wake up, it's 2010... Bletchley Park is now a museum! We are already >living in the rapidly advancing >Computer Age. When you say that "The key is not random therefore it is >not secure", I'm sure you can remind me where I said that? A Message-ID will do. > as if you were saying "It is not a helicopter, therefore, >it cannot fly..." Take it from me dude, "clinging to Shannon's >Principle is very disastrous to the world of cryptography as it >prevents advancements". Indeed. That's why most practical cryptosystems don't implement perfect secrecy, and indeed Shannon took care to distinguish between "perfect secrecy", "ideal secrecy" and "practical secrecy" . >The Infinite One-Time Pad is the most advanced >cryptography software I've ever seen so far "Advanced"? The very (mis-)use of the phrase "One-Time Pad" proclaims that it's based on that very principle you keep deriding!. >- only for advanced people >though not for the vintage / war-time minded people. -- Richard Herring
From: vanessavertudez on 26 Jan 2010 12:14 On Jan 27, 12:34 am, Richard Herring <junk@[127.0.0.1]> wrote: > In message > <477ebf49-6d2f-4477-84b4-c192c5f4d...(a)b10g2000yqa.googlegroups.com>, > john <penetrat...(a)yahoo.com> writes > > >Richard, before I forget ---- "It seems that you are already > >captivated with Shannon's Principle. > > Hey, it's *your* favourite crypto program that claims to rely on > Shannon: > > "Infinite One-Time Pad (IO-TP) is super secure text encryption and > decryption software. It implements the concept of the true One-Time Pad > to produce a ciphertext that is unbreakable." > > [...]. > > > It's time to free yourself dude! > >Wake up, it's 2010... Bletchley Park is now a museum! We are already > >living in the rapidly advancing > >Computer Age. When you say that "The key is not random therefore it is > >not secure", > > I'm sure you can remind me where I said that? A Message-ID will do. > > > as if you were saying "It is not a helicopter, therefore, > >it cannot fly..." Take it from me dude, "clinging to Shannon's > >Principle is very disastrous to the world of cryptography as it > >prevents advancements". > > Indeed. That's why most practical cryptosystems don't implement perfect > secrecy, and indeed Shannon took care to distinguish between "perfect > secrecy", "ideal secrecy" and "practical secrecy" . > > >The Infinite One-Time Pad is the most advanced > >cryptography software I've ever seen so far > > "Advanced"? The very (mis-)use of the phrase "One-Time Pad" proclaims > that it's based on that very principle you keep deriding!. > > >- only for advanced people > >though not for the vintage / war-time minded people. > > -- > Richard Herring Okay, I will discuss here how Infinite One-Time Pad works according to available references. This may not be accurate as I may be missing something but generally it goes like this. The PLAIN text is compressed and encoded using series of algorithms. Let's now call it "Transformed Text". Now, the key is extracted from a secret file of your choice and again it is filtered and encoded and you have a chance to insert any word or characters at any location to modify it further. If you type a password, each character of the password re-encodes the modified key. Let's call the result as "Transformed Key". Finally, the "Transformed Key" is applied to the "Transformed Text". I CHALLENGE EVERYONE to present a solution on how to attack the ciphertext. You can find available "cryptanalysis" techniques here http://en.wikipedia.org/wiki/Cryptanalysis. Study the attacks then show how it could be used against Infinite One-Time Pad's ciphertext at least logically.
From: Paulo Marques on 26 Jan 2010 12:33 vanessavertudez(a)yahoo.com wrote: > [...] > Okay, I will discuss here how Infinite One-Time Pad works according > to available references. This may not be accurate as I may be missing > something but generally it goes like this. Since you seem to be honest and not trolling, I'll try to explain why this doesn't work. > The PLAIN text is compressed and encoded using series of algorithms. > Let's now call it "Transformed Text". This transformation doesn't involve any kind of encryption with a secret key. So, if an attacker want to test some key, it can try it and run the reverse transformation over the obtained text and see if that works. In fact, this transformed text can be even easier to attack than the original text. Let me give you an example: imagine that your transformation consisted of Zip'ing the files you want to encrypt. Now the attacker knows that the "transformed text" always start with the string "PK" (and other zip structure details) and doesn't even need to run the reverse transformation to find the actual plaintext to know if a key works or not. > Now, the key is extracted from a secret file of your choice and > again it is filtered and encoded The point here is key distribution: if you need to send your encrypted file to someone you need to also send the "secret file". At this point, is not secret anymore. > and you have a chance to insert any word or characters at any location > to modify it further. If you type a password, each character of the password > re-encodes the modified key. Let's call the result as "Transformed > Key". This is not very different from key strengthening. It is just slightly worse than any other algorithm out there. > Finally, the "Transformed Key" is applied to the "Transformed Text". Duh, > I CHALLENGE EVERYONE to present a solution on how to attack > the ciphertext. You can find available "cryptanalysis" techniques here > http://en.wikipedia.org/wiki/Cryptanalysis. Study the attacks then > show how it could be used against Infinite One-Time Pad's > ciphertext at least logically. You're talking to the crowd that wrote that wikipedia page, so you get no points for insulting everyone. If you compare that algorithm with something like GnuPG (for instance), you'll notice how key distribution is much easier and secure with GnuPG (and free). -- Paulo Marques - www.grupopie.com "Feed the hungry, save the whales, free the mallocs!"
From: rossum on 26 Jan 2010 12:34
On Tue, 26 Jan 2010 04:39:30 -0800 (PST), john <penetratorv(a)yahoo.com> wrote: >- To be honest with you dude "unicity distance" is now meaningless >IMHO.. Fine, then please crack my own unbreakable code. Here is a sample of cyphertext for you: 5A That is a single byte of cyphertext expressed in hex. Since unicity is "meaningless" you should be able to decrypt it. rossum |