[cryptography] Unbreakable crypto?

Jeffrey Goldberg jeffrey at goldmark.org
Fri Mar 20 17:21:57 EDT 2015


On 2015-03-20, at 1:24 PM, stef <s at ctrlc.hu> wrote:
> On Fri, Mar 20, 2015 at 06:12:31PM +0000, Dave Howe wrote:
>> Or a reasonably clever and trolling satire on snakeoil products. :)
> 
> the less optimistic alternative is this being a well-crafted water-holing site
> targeted at the members of this mailing-list.

Szia Stef,

I believe I’ve also seen this raised on sci.crypt, which is
spectacularly easy to troll.

I really WANT to believe it is a deliberate troll-like thing. But
the sad fact of the matter is that a huge number of people who
learn a little about the OTP think that they can create unbreakable
crypto, and they end up

(1) Using a crappy PRNG.
(2) Seeding/keying their crappy PRNG badly.
(3) Failing to notice/address the malleability of these things.
(4) Reusing the key/pad.

So whether a troll or not, that is the kind of snake oil that people
sincerely produce.

I like using the OTP as an example of how brittle some schemes are. Doing
things “slightly” wrong can lead to dramatic reductions in security.

Cheers,

-j




More information about the cryptography mailing list