[rc5] Re: One Time Pad

Paul Leskinen paul at csfi.com
Mon Oct 27 13:46:00 EST 1997


> > The problem with One Time Pads is getting the KEY to the person who
> > needs it to use for decryption.  The most practical way for doing
> > so is by diplomatic pouch (governments) or courier (businesses).
> > [Writeable CD-ROMs are a godsend.  One can "package" more than 600MB
> > of key into something that is easily carried.]
> > 
> > mikus
> 
> May I ask why, if a secure transport method has been found, that the
> message itself cannot simply be sent?  (If a message was so ultra-secret
> that a OTP was needed, I'd be much more worried about the human factor of
> data  security than the possibility of the key being brute-forced.)
> 
> Mike "Silby" Silbersack

Well, in a word: Speed. It certainly is faster to e-mail someone an OTP-encrypted message than it is to hand-carry it to the destination! Once you've hand-delivered the "keys", you can use them to send messages all you want, until they're "used up." Then you'll need to deliver more.

The simple fact of OTP is that without knowledge of the key, it is absolutely unbreakable. There is no other way to put it. If you take any string (the message) and XOR it with random data, the result is random data. That's the premise of OTP, and it works flawlessly, assuming a truly "random" key is used.

Now, I've thought of a good approximation to a true OTP system:  Use an arbitrarily long key (however many bits you want), and use that to generate a unique irrational number, the digits of which become your random key stream. That would be a virutually unbreakable system (statistical methods would not work), with a suitably long key. I really don't know if it's even feasible, but hey, it's just a thought.

  -- Paul Leskinen
----
To unsubscribe, send email to majordomo at llamas.net with 'unsubscribe rc5' in the body.



More information about the rc5 mailing list