[cryptography] Unbreakable crypto?

Kevin kevinsisco61784 at gmail.com
Fri Mar 20 13:01:32 EDT 2015


On 3/20/2015 12:06 PM, Tony Arcieri wrote:
> On Fri, Mar 20, 2015 at 4:02 AM, Enrique Soriano <esoriano at lsub.org 
> <mailto:esoriano at lsub.org>> wrote:
>
>     These days we can buy 128GB pendrives (i.e. very long pads) for $35.
>
>     This simple approach seems viable to me:
>
>     https://www.codeandsec.com/Poor-Mans-Unbreakable-Encrypted-TCP-Tunnel
>
>
> Poorly implemented, one time pads are in fact quite dangerous:
>
> 1) Extremely great care must be taken to never reuse any portion of 
> the pad. When reused, the attacker can easily obtain the XOR of the 
> plaintexts encrypted with the reused portion of the pad
> 2) Without authentication (i.e. a MAC), one time pads are highly malleable
>
> The author of that software doesn't know the difference between a one 
> time pad and a stream cipher. There's no practical reason to prefer a 
> one time pad to a modern stream cipher like ChaCha20, which can be 
> combined with the Poly1305 MAC to create an authenticated encryption 
> scheme that isn't malleable like an unauthenticated one time pad.
>
> -- 
> Tony Arcieri
>
>
> _______________________________________________
> cryptography mailing list
> cryptography at randombit.net
> http://lists.randombit.net/mailman/listinfo/cryptography
I am trying to contact the "company" and it is not easy.  They don't 
want people looking into them or the product they offer.  I guess it's 
fraud; I am disillusioned.  If you hold real still and listen, you can 
here the sound of my bubble bursting.



---
This email is free from viruses and malware because avast! Antivirus protection is active.
http://www.avast.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20150320/8be51875/attachment.html>


More information about the cryptography mailing list