[cryptography] One Time Pad Cryptanalysis

Lodewijk andré de la porte l at odewijk.nl
Sat Sep 28 15:08:43 EDT 2013


Secure OTP depends on two things:

1. Good source. P[i] must be independent to anything in P nor to the method
to generate P. "Random", you'd typically say. Fully unpredictable might be
more clear (given people's unclarity about what's random).
2. No leak of P

Reuse of P leaks P when the plaintext is not as random as P. That leads to
some fantasies towards using crackable cryptographic hashes, that are known
to have very random output. Something like MD5, easily reversible but with
good mixing (afaik). I realize I'm underequipped mathematically to compute
how much you can push that tactic though.

I'm really frustrated with people claiming OTP is insecure. I don't
understand how it is and I cannot seem to construe any angles of attack.
Certainly execution must happen properly, that's no different from anything
else. And that claim is meant as wide as it's written, not as wide as you
just interpreted it. Hell, call it Lewis' natural law. I don't want to
describe how negatively I think about people claiming OTP doesn't work,
this list is negative enough.

2013/9/28 John Young <jya at pipeline.com>

> This is simply treasonous. Security clearance voided.
> You be squished soon by boot stomper for 1%.

I must say that for a scientist you're not one to be exact in your use of

> At 07:40 AM 9/28/2013, iang wrote:
> They should be given something that won't screw up.  Which means it needs
> to be simple enough such that all the decisions are already made.
> In my work, I've evolved into an OO pattern which I call a Cryptor.  It
> has everything built in:  creation, storage, encrypt, decrypt as required.
>  Plus heavy ouroboris testing.
> The idea is modular, eg PK Cryptor is built out of an AES/CBC Cryptor and
> a HMAC Cryptor, etc.
> Another example is the API provided to do curve25519xsalsa20poly1305
> (which is in C so not OO).

How does this differ from using a library to do the crypto?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20130928/73cf5fe0/attachment.html>

More information about the cryptography mailing list