
Re: [crypto-philo]OTP or DES?



At 02:45 AM 10/20/95 -0500, walrus <[email protected]> wrote:
>I would argue that the security of an OTP is
>derived not from the fact that it really is secure, but from the fact that
>it is claimed to be an OTP.  

The meaning of "Security" depends on your threat model.
Are you worried about
- having your message noticed?
- having your message decoded?
- being able to deny a possible decoding of your message?

Whether your message is noticed or not depends a lot on the environment;
in some places "pure noise" is not noticeable, while in others it
really stands out (posting it to a text newsgroup, for instance.)
If you simply remove the "----- BEGIN PGP" etc. headers/trailers from a PGP
message, it's still got a well-defined format, including magic numbers
indicating what kind of data is in each block, block length indicators, etc.
They're both noticeable to someone who's trying to find them and
strong evidence that something is a PGP message.  That's why there's a
Stealth-PGP, though even it's not perfect.

As far as "Secure" meaning "They can't decode the message",
if you use a One-Time-Pad more than once, you can lose (viz. VENONA.)
If you use a pad that's not true random numbers, but is some simple
LFSR or LCM PRNG, or some random English-language book, it's pretty easy
for skilled cryptanalysts to decode it.

If you use something that has a well-defined structure as a pad,
and the Bad Guys notice your message and decode it, it's not credible
to say "oh, no, it's just a one-time pad, the fact that there's
one chance in 2**168 of that particular series of random numbers
matching the output of triple-DES shouldn't influence you any, Judge"....
You're gonna go to jail.    

What gives you deniability with OTPs is that they _can't_ produce a 
meaningful message that's any more probable than any other meaningful 
message of the same length, so you can argue that it really says
"BUY MORE" instead of "RUN AWAY" or "ATTACK!!" and even if they guess
you're lying, they can't tell what the true message was.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 [email protected]
# You can get PGP outside the US at ftp.ox.ac.uk
  Imagine if three million people voted for somebody they _knew_,
  and the politicians had to count them all.
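
Added example, not part of the original message: a Python sketch of the two OTP properties discussed above, using the message's own sample plaintexts. It shows that one ciphertext "decodes" to any same-length claim under a suitable pad, and that reusing a pad cancels it out of the XOR of two ciphertexts. The function names are made up for illustration.

```python
import secrets


def xor(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings; OTP encryption and decryption are the same operation."""
    if len(a) != len(b):
        raise ValueError("pad and message must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def alibi_pad(ciphertext: bytes, claimed: bytes) -> bytes:
    """Return the pad under which `ciphertext` decrypts to `claimed`.

    Such a pad exists for every text of the same length, which is why the
    ciphertext alone cannot favour one candidate message over another.
    """
    return xor(ciphertext, claimed)


def reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """Two ciphertexts made with the same pad: the pad cancels, leaving p1 XOR p2."""
    return xor(c1, c2)


def demo():
    real = b"RUN AWAY"                      # constructed sample plaintext
    pad = secrets.token_bytes(len(real))    # truly random, used once
    ct = xor(real, pad)

    # Deniability: every same-length claim is consistent with the ciphertext.
    decoded = {}
    for claimed in (b"BUY MORE", b"ATTACK!!", real):
        decoded[claimed] = xor(ct, alibi_pad(ct, claimed))

    # Reuse: a second message under the same pad leaks p1 XOR p2 with no pad needed.
    second = b"ATTACK!!"
    leak = reuse_leak(ct, xor(second, pad))
    return ct, decoded, leak


if __name__ == "__main__":
    ct, decoded, leak = demo()
    print("ciphertext:", ct.hex())
    for claimed, got in decoded.items():
        print("claimed", claimed, "-> decodes to", got)
    # Anyone who knows or guesses one plaintext recovers the other from the leak.
    print("leak XOR known plaintext:", xor(leak, b"RUN AWAY"))
```
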