[cryptography] Unbreakable crypto?

Jeffrey Goldberg jeffrey at goldmark.org
Fri Mar 20 17:21:57 EDT 2015

On 2015-03-20, at 1:24 PM, stef <s at ctrlc.hu> wrote:
> On Fri, Mar 20, 2015 at 06:12:31PM +0000, Dave Howe wrote:
>> Or a reasonably clever and trolling satire on snakeoil products. :)
> the less optimistic alternative is this being a well-crafted water-holing site
> targeted at the members of this mailing-list.

Hi Stef,

I believe I’ve also seen this raised on sci.crypt, which is
spectacularly easy to troll.

I really WANT to believe it is a deliberate troll-like thing. But
the sad fact of the matter is that a huge number of people who
learn a little about the OTP think that they can create unbreakable
crypto, and they end up

(1) Using a crappy PRNG.
(2) Seeding/keying their crappy PRNG badly.
(3) Failing to notice/address the malleability of these things.
(4) Reusing the key/pad.

So whether a troll or not, that is the kind of snake oil that people
sincerely produce.

I like using the OTP as an example of how brittle some schemes are. Doing
things “slightly” wrong can lead to dramatic reductions in security.
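
Items (3) and (4) from the list above, as an added Python example that is not part of the original post: even with a properly random pad, a ciphertext can be rewritten without the key, and a reused pad cancels out of two ciphertexts. The function names, the sample messages and the HMAC check (a standard mitigation for malleability) are assumptions made for this illustration.

```python
import hashlib
import hmac
import secrets

def xor(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings; this is all a pad 'cipher' does."""
    if len(a) != len(b):
        raise ValueError("pad and message must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))

def rewrite(ct: bytes, offset: int, known: bytes, wanted: bytes) -> bytes:
    """Item (3): change known plaintext inside a ciphertext without the pad."""
    delta = xor(known, wanted)
    end = offset + len(delta)
    return ct[:offset] + xor(ct[offset:end], delta) + ct[end:]

def tag(mac_key: bytes, ct: bytes) -> bytes:
    """Mitigation for (3), added here: authenticate the ciphertext."""
    return hmac.new(mac_key, ct, hashlib.sha256).digest()

def demo() -> dict:
    # Constructed sample messages, 16 bytes each.
    p1 = b"PAY 0100 TO BOB."
    p2 = b"MEET AT NOON OK."
    pad = secrets.token_bytes(16)        # a good pad: items (1)/(2) are not the issue
    mac_key = secrets.token_bytes(32)    # independent of the pad
    c1, c2 = xor(p1, pad), xor(p2, pad)  # item (4): the same pad used twice

    forged = rewrite(c1, 4, b"0100", b"9900")
    return {
        # The receiver decrypts the forged ciphertext and sees a different amount.
        "forged_plaintext": xor(forged, pad),
        # A tag computed over the original ciphertext does not match the forgery.
        "forgery_detected": not hmac.compare_digest(tag(mac_key, c1), tag(mac_key, forged)),
        # The pad cancels: c1 XOR c2 equals p1 XOR p2, with no key material left.
        "pad_cancels": xor(c1, c2) == xor(p1, p2),
        # So knowing (or guessing) one message reveals the other.
        "p2_from_known_p1": xor(xor(c1, c2), p1),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```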


