[cryptography] Unbreakable crypto?

Michael Kjörling michael at kjorling.se
Sun Mar 22 08:46:11 EDT 2015


On 21 Mar 2015 21:17 -0700, from schoen at eff.org (Seth David Schoen):
> *True random pad*: Attacker doesn't know whether pad k₁ is actually more
> likely than pad k₂, if (c ⊕ k₁) and (c ⊕ k₂) both appear to be equally
> plausible plaintexts.
> 
> *Choosing a meaningful file but keeping secret which one you used*: An
> attacker who tries your file f₁ as the pad notices that both (c ⊕ f₁)
> and f₁ itself appear "meaningful", so it's more likely that f₁ is
> correct compared to some other f₂ which is not "meaningful".

This also goes hand in hand with the difference between a true OTP and
a stream cipher secured by a key of length less than the length of the
message to be encrypted. In that sense, "which file was used as the
pad?" corresponds to "what was the encryption key fed into the
cipher?".

-- 
Michael Kjörling • https://michael.kjorling.semichael at kjorling.se
OpenPGP B501AC6429EF4514 https://michael.kjorling.se/public-keys/pgp
                 “People who think they know everything really annoy
                 those of us who know we don’t.” (Bjarne Stroustrup)


More information about the cryptography mailing list