[147806] in cryptography@c2.net mail archive


Re: [Cryptography] [RNG] on RNGs, VM state, rollback, etc.

daemon@ATHENA.MIT.EDU (Kent Borg)
Tue Oct 22 11:24:42 2013

X-Original-To: cryptography@metzdowd.com
Date: Tue, 22 Oct 2013 07:48:47 -0400
From: Kent Borg <kentborg@borg.org>
To: cryptography@metzdowd.com
In-Reply-To: <20131021222456.282C1E3CC@a-pb-sasl-quonix.pobox.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com

On 10/21/2013 06:24 PM, Bill Stewart wrote:
> At 12:35 PM 10/21/2013, Jerry Leichter wrote:
>> Real-world cryptanalysis [can] break OTP.
>
> Real-world cryptanalysis can't break mathematical-cryptography OTP.
> But real-world cryptography can use sometimes-more-than-One-Time Pads, 
> and not-independent-identically-distributed random pads, and 
> not-destroyed-after-use pads, and real-world cryptanalysis can 
> sometimes break those.

And the system boundaries matter: OTP itself cannot be broken. Period.  
AES-256 itself (maybe) cannot be broken before the universe dies.  
However *both* are vulnerable if used insecurely in a larger system.  
And OTP has particularly large practical problems.

But it is still worth understanding the properties of such primitives.  
As it is worth talking about the properties of a larger system built out 
of them.  And *that* system in turn might be used in an insecure way by 
the still larger system that is built from it.

Saying "everything can be broken" because at some point someone will 
make a mistake isn't very useful.  At various points it *is* possible to 
have security and one should understand those details so we can better 
avoid the "someone will make a mistake" boo-boo.

My point: RNGs are still worth talking about, even in isolation, 
everybody quit saying "oh, there is no point, every system can be broken".

-kb

_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
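The thread's point about "sometimes-more-than-One-Time Pads" can be made concrete. The following is an added example (not part of the list message or anything its authors wrote): it implements the OTP primitive, which is correct in isolation, and then shows how the larger system fails the moment a pad is used for a second message, because XORing the two ciphertexts cancels the pad and leaves p1 XOR p2, from which a guessed fragment of one message reveals the other. The messages, the pad and the guessed fragment are constructed for the demo; `crib_drag` is a hypothetical helper name.

```python
"""Added example: the OTP primitive is unbreakable, the system around it
may not be. Messages, pad and crib below are constructed for the demo."""
import os


def otp_encrypt(pad: bytes, plaintext: bytes) -> bytes:
    """XOR the plaintext with a pad at least as long as the message.
    This is the whole primitive; its security rests on the pad being
    uniformly random, at least message length, and used exactly once."""
    if len(pad) < len(plaintext):
        raise ValueError("pad shorter than message: an OTP never stretches its pad")
    return bytes(p ^ k for p, k in zip(plaintext, pad))


otp_decrypt = otp_encrypt  # XOR is its own inverse


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def pad_cancels(c1: bytes, c2: bytes) -> bytes:
    """If both ciphertexts were made with the same pad k, then
    c1 ^ c2 == (p1 ^ k) ^ (p2 ^ k) == p1 ^ p2: the key drops out entirely,
    no matter how good the RNG that produced it was."""
    return xor_bytes(c1, c2)


def crib_drag(p1_xor_p2: bytes, crib: bytes) -> dict:
    """Slide a guessed fragment of one message along p1 ^ p2 and return, per
    offset, what the *other* message would have to say there, keeping only
    offsets where the result is printable text. At the true offset the
    output is a readable piece of the other plaintext; elsewhere it is
    usually junk. This is the textbook reason the 'one-time' in OTP is
    load-bearing, and what an auditor should expect an adversary to try
    against any system that reuses pad material."""
    hits = {}
    for off in range(len(p1_xor_p2) - len(crib) + 1):
        window = p1_xor_p2[off:off + len(crib)]
        candidate = xor_bytes(window, crib)
        if all(32 <= b < 127 for b in candidate):
            hits[off] = candidate
    return hits


def two_time_pad_demo():
    """Encrypt two equal-length constructed messages under ONE pad and show
    what leaks. Returns (p1 ^ p2, crib-drag hits)."""
    p1 = b"attack postponed until dawn"
    p2 = b"the north flank is ours now"
    pad = os.urandom(len(p1))        # a perfectly good pad...
    c1 = otp_encrypt(pad, p1)
    c2 = otp_encrypt(pad, p2)        # ...ruined by being used a second time
    leaked = pad_cancels(c1, c2)     # equals p1 ^ p2 regardless of the pad
    # Guessing that one message contains "the north" recovers the start of
    # the other message at the matching offset.
    return leaked, crib_drag(leaked, b"the north")


if __name__ == "__main__":
    leaked, hits = two_time_pad_demo()
    print("p1 ^ p2 =", leaked.hex())
    for off, text in sorted(hits.items()):
        print(f"offset {off:2d}: other message reads {text!r}")
```

With a fresh pad per message the same `pad_cancels` call yields uniformly random bytes and `crib_drag` finds nothing reliable; the primitive has not changed between the two cases, only the discipline of the system using it, which is exactly the boundary the message above draws.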
