Prev: Cipher challenge
Next: Rolex Oyster Perpetual Cosmograph Daytona Mens Watch 116523-WDO Collection
From: Andrew Swallow on 11 Nov 2008 19:49 rossum wrote: > On Tue, 11 Nov 2008 18:20:26 +0000, Guy Macon > <http://www.GuyMacon.com/> wrote: > >> The difficulty of sending a single keyfile is overblown. > If the keyfile is larger than the plaintext, and you can transmit the > keyfile securely then why do you need a keyfile at all? Just transmit > the plaintext using the same secure method. > > rossum > Time. It may take weeks to move the keyfile around the world. The encrypted message can be sent by radio or internet in seconds. Andrew Swallow
From: Guy Macon on 12 Nov 2008 07:47 rossum wrote: > >Guy Macon <http://www.GuyMacon.com/> wrote: > >>The difficulty of sending a single keyfile is overblown. >If the keyfile is larger than the plaintext, and you can transmit the >keyfile securely then why do you need a keyfile at all? Just transmit >the plaintext using the same secure method. Why have an email system when you can just hand someone a CD with all the emails you are ever going to send on it? The whole point of a shared-secret cipher is to share to key once and then use it to encrypt information that you didn't know about at the time you shared the key. -- Guy Macon <http://www.GuyMacon.com/>
From: Guy Macon on 12 Nov 2008 07:50 Unruh wrote: > >Guy Macon <http://www.GuyMacon.com/> writes: > >>Unruh wrote: > >>>Had you [Bill B] looked up "One Time Pad' you would have found >>>a description equivalent to what you state. And a proof of its >>>security essentially the same as yours.s. You would also have >>>found out why it is problematic-- that key can NEVER EVER be >>>reused for anything which means that you have to somehow securely >>>exchange a key larger than any message or set of messages you >>>will ever transmit. > >>Other than the difficulty of exchanging any key of any size, >>the days when exchanging a key larger than any message or set >>of messages you will ever transmit was extra-difficult are >>long gone. An 8GB micro-SD card is 11mm x 15mm x 1mm, >>(0.43" X 0.59" X 0.039") and costs about $20 USD. > >>I also don't consider it to be all that difficult to exchange >>the keys. Here is one way: > >>Prepare six 256GB random keys using different kinds of HRNGs >>running on seperate PCs. Store 3 of them on USB thumb drives. > >>Send the three thumb drives by Fedex, UPS, and US Mail using >>different names and addresses at the source city and destination >>city. > >>Send the other three files over the internet from different >>computers and different ISPs using email, FTP and BitTorrent. > >>At both ends, XOR the six files together to create matching >>265GB keys. > >>Not very difficult, and it would very very hard to intercept >>all six files; miss one and you have zero chance of breaking >>the OTP. > >>If you are the CIA or DOD or a bank that will be using the keys >>for billion-dollar transactions, send another 3 files by seperate >>trusted couriers. > >>The difficulty of sending a single keyfile is overblown. I do >>agree, however, that trying to send a different keyfile to >>each of a couple of hundred people would be difficult to manage, >>and doing so in advance of knowing who the recipients are is >>impossible. > >And then you have to keep track of where in the key you are Yes, but doing so isn't difficult, and it isn't all that hard to search the entire key if you lose your place -- Guy Macon <http://www.GuyMacon.com/>
From: Guy Macon on 12 Nov 2008 07:57 Unruh wrote: > >rossum <rossum48(a)coldmail.com> writes: > >>On Tue, 11 Nov 2008 18:20:26 +0000, Guy Macon >><http://www.GuyMacon.com/> wrote: > >>>The difficulty of sending a single keyfile is overblown. >>If the keyfile is larger than the plaintext, and you can transmit the >>keyfile securely then why do you need a keyfile at all? Just transmit >>the plaintext using the same secure method. > >He argues that the xor of two keys is a key. He *correctly* argues that the XOR of two random keys is a random key. >But then you could go through his process to send the message as well. >(send 5 messages, with message i being K1^K2^K3^K4^K5^M^Ki. Then xor all >five messages together at the other end and you have the message, while the >message is unrecoverable from anything less than all 5 of the >transmissions. So, yes, if you can send the key safely by his procedure, >you cansend the message safely by his procedure. Only if one of your messages consists of random data. XOR random data with a message in a human language and the result is indistinguishable from random data and totally immune to cryptograhy. XOR a message in a human language with a message in a human language and a cryptographer can figure out what the messages are. -- Guy Macon <http://www.GuyMacon.com/>
From: Guy Macon on 12 Nov 2008 08:01
rossum wrote: >Gordon Burditt wrote: > >>>>The difficulty of sending a single keyfile is overblown. >>> >>>If the keyfile is larger than the plaintext, and you can transmit the >>>keyfile securely then why do you need a keyfile at all? Just transmit >>>the plaintext using the same secure method. >> >>The same secure method (e.g. monthly code update sent to an embassy) >>is often TOO SLOW. Or it requires methods that are impractical for >>a secret agent to use while under cover. >> >>Starting a mission with a flash disk in your pocket is easy. Dropping >>one off at Spy HQ when you're spying on Al Queda and learn of a >>plot to nuke Washington by FedEx in 4 hours without giving yourself >>away may be a problem. >There are indeed some situation where a OTP is useful, and espionage >is often one of them. > >In the majority of situations, if you have a transmission channel >secure enough for the key, then sending the plaintext through the same >channel is easier. You aren't reading the posts you reply to. He just described a situation where the fellow starting the mission has a transmission channel secure enough for the key (a flash disk in your pocket) but cannot quickly send his message about the nuke from where he is in Bagdad to the folks in Langley Virginia using the same method. -- Guy Macon <http://www.GuyMacon.com/> |