[cryptography] Unbreakable crypto?
bascule at gmail.com
Fri Mar 20 12:06:25 EDT 2015
On Fri, Mar 20, 2015 at 4:02 AM, Enrique Soriano <esoriano at lsub.org> wrote:
> These days we can buy 128GB pendrives (i.e. very long pads) for $35.
> This simple approach seems viable to me:
Poorly implemented, one time pads are in fact quite dangerous:
1) Extremely great care must be taken to never reuse any portion of the
pad. When reused, the attacker can easily obtain the XOR of the plaintexts
encrypted with the reused portion of the pad
2) Without authentication (i.e. a MAC), one time pads are highly malleable
The author of that software doesn't know the difference between a one time
pad and a stream cipher. There's no practical reason to prefer a one time
pad to a modern stream cipher like ChaCha20, which can be combined with the
Poly1305 MAC to create an authenticated encryption scheme that isn't
malleable like an unauthenticated one time pad.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the cryptography