

COMPOSL3:


 Message 134,219 of 135,166 
 Richard Kettlewell to John Levine 
 Re: one time pads, not Python 
 02 Jan 26 09:15:11 
 
XPost: alt.folklore.computers
From: invalid@invalid.invalid

John Levine writes:
> According to c186282:
>>   If you know something ABOUT 'the pad' - like how
>>   many letters/numbers and how it's used - that may
>>   offer some attack options, at least narrow things
>>   down a bit.
>
> No, a real OTP is unbreakable.  The problem is that for every byte of
> message you need a byte of key, so distributing the keys and using
> them correctly is a logistical nightmare.

OTPs are broken in the sense that they are malleable. It’s easy for an
attacker to modify the encrypted message, if they know anything about
its expected structure.

For example, an encrypted financial transaction is likely to have the
amount of money to be sent at a predictable offset, so all the attacker
needs to do is flip one of the higher bits in that field and the victim
spends a great deal more money than they intended. If the pad is applied
using XOR (a natural approach today) then they can achieve that by
flipping the corresponding bit in the ciphertext.

The need for symmetric encryption systems to include a MAC to prevent
this kind of issue has been understood for a long time.

--
https://www.greenend.org.uk/rjk/

--- SoupGate-Win32 v1.05
 * Origin: you cannot sedate... all the things you hate (1:229/2)
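The bit-flip on the amount field and the MAC check that catches it, as an added, runnable example (not code from the post or from any of its authors). The 12-byte transfer layout (8-byte account id, then a 4-byte big-endian amount in cents) is a constructed assumption, as are the sample account id and amounts; the pad and MAC key are generated fresh each run.

```python
import hashlib
import hmac
import secrets
import struct

# Constructed message layout (assumption, not from the post):
# bytes 0..7  = account id, bytes 8..11 = amount in cents, big-endian.
ACCOUNT_LEN = 8
AMOUNT_OFFSET = 8
MSG_LEN = 12
TAG_LEN = 32  # HMAC-SHA256 output


def encode_transfer(account: bytes, amount_cents: int) -> bytes:
    if len(account) != ACCOUNT_LEN:
        raise ValueError("account id must be 8 bytes")
    return account + struct.pack(">I", amount_cents)


def decode_transfer(plaintext: bytes):
    account = plaintext[:ACCOUNT_LEN]
    (amount,) = struct.unpack(">I", plaintext[AMOUNT_OFFSET:MSG_LEN])
    return account, amount


def otp_xor(data: bytes, pad: bytes) -> bytes:
    """One-time pad applied with XOR; the same call encrypts and decrypts."""
    if len(pad) < len(data):
        raise ValueError("pad shorter than message")
    return bytes(d ^ p for d, p in zip(data, pad))


def flip_bit(blob: bytes, byte_index: int, bit: int) -> bytes:
    """Attacker's move: flip one ciphertext bit without knowing the pad."""
    out = bytearray(blob)
    out[byte_index] ^= 1 << bit
    return bytes(out)


def malleability_demo(amount_cents: int = 1_000):
    """Unauthenticated OTP: returns (amount sent, amount the victim decrypts)."""
    pad = secrets.token_bytes(MSG_LEN)
    ct = otp_xor(encode_transfer(b"ACCT0001", amount_cents), pad)
    # Flip the top bit of the amount's most significant byte: the same bit
    # flips in the plaintext, adding 2**31 cents whatever the pad was.
    tampered = flip_bit(ct, AMOUNT_OFFSET, 7)
    _, received = decode_transfer(otp_xor(tampered, pad))
    return amount_cents, received


def encrypt_then_mac(plaintext: bytes, pad: bytes, mac_key: bytes) -> bytes:
    """Encrypt with the pad, then append an HMAC-SHA256 tag over the ciphertext."""
    ct = otp_xor(plaintext, pad)
    return ct + hmac.new(mac_key, ct, hashlib.sha256).digest()


def decrypt_and_verify(blob: bytes, pad: bytes, mac_key: bytes):
    """Return the plaintext, or None if the tag does not match the ciphertext."""
    ct, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return otp_xor(ct, pad)


def mac_demo(amount_cents: int = 1_000):
    """Authenticated OTP: returns (amount the honest blob decrypts to,
    whether the same bit-flip is now rejected)."""
    pad = secrets.token_bytes(MSG_LEN)
    mac_key = secrets.token_bytes(32)
    blob = encrypt_then_mac(encode_transfer(b"ACCT0001", amount_cents), pad, mac_key)
    honest = decrypt_and_verify(blob, pad, mac_key)
    forged = decrypt_and_verify(flip_bit(blob, AMOUNT_OFFSET, 7), pad, mac_key)
    return decode_transfer(honest)[1], forged is None


if __name__ == "__main__":
    print("no MAC:  sent %d, victim decrypts %d" % malleability_demo())
    print("with MAC: honest %d, tampering rejected=%s" % mac_demo())
```

The attacker never learns the pad; the flip works because XOR is linear, so a change to ciphertext bit i is exactly a change to plaintext bit i. HMAC-SHA256 is used here for brevity and gives computational rather than unconditional integrity; a one-time (Wegman-Carter style) MAC would keep the information-theoretic guarantee, at the cost of more pad material.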


