[rc5] Re: One Time Pad

Phil Reed pcr at ic.net
Mon Oct 27 19:22:52 EST 1997


>> Think of it this way. Before you go off to be ambassador to Bosnia, we
>sit
>> down and make up 1000 keys for your use over there. You carry those by
>> hand. You now have a way of passing 1000 secure messages back to me,
>> subject of course to the security issues involved in keeping the keys
>> hidden from others.
>> 
>> So while ALL the keys could be delivered at once, they can be used up
>> over time.
>> 
>> --
>> Bill Plein
>> bill at diablo.net 
>
>I guess that would be a workable situation.  I still believe that in such a
>case it would still be VERY possible for someone to steal the book, copy it
>down, and then have access to ALL correspondence for the next three years. 

Yes, very true. Thus, physical security of the OTP is a critical necessity.

Try getting into the communications room at the U.S. embassy in Bejing.

>A RC5-128 bit key that was switched (with the new key sent using the old
>encryption) every week or so would still be much better, IMHO.  

No, because if you get the crypto broken for one transmission, you have
the key for all the rest of the transmissions, plus some info about the
previous
one (the N-1 key). There still may be weaknesses in RC5. There is no
weakness in true OTP.

You still have to deliver the first key, too.

>(I can't
>imagine a situation where personal security was BETTER than data security.)

Remember, an advesary is always going to go after the weak link. If the
encryption is not the weak link, there are others. (Van Eck decoding, bribery,
dumpster diving, undeleting a file from the hard drive, rubber-hose
decryption....)

                                               ...phil
----
To unsubscribe, send email to majordomo at llamas.net with 'unsubscribe rc5' in the body.



More information about the rc5 mailing list