[149091] in cryptography@c2.net mail archive


Re: [Cryptography] [cryptography] Boing Boing pushing an RSA

daemon@ATHENA.MIT.EDU (Phillip Hallam-Baker)
Fri Jan 17 08:02:49 2014

X-Original-To: cryptography@metzdowd.com
In-Reply-To: <1389917899.22018.46.camel@excessive.dsl.static.sonic.net>
Date: Fri, 17 Jan 2014 07:57:37 -0500
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Bear <bear@sonic.net>
Cc: Steve Furlong <demonfighter@gmail.com>,
	Cryptography <cryptography@metzdowd.com>,
	Crypto discussion list <cryptography@randombit.net>,
	Kent Borg <kentborg@borg.org>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com

On Thu, Jan 16, 2014 at 7:18 PM, Bear <bear@sonic.net> wrote:

> On Wed, 2014-01-15 at 10:38 -0500, Steve Furlong wrote:
> > On Wed, Jan 15, 2014 at 9:15 AM, Kent Borg <kentborg@borg.org> wrote:
> > > Huh?  How can this be?
> > > one-time-pads themselves are compromised??
> >
> > Compromised PRNGs.
> >
>
> PRNG's have nothing to do with one-time pads.  Compromised PRNG's
> affect stream ciphers, but one time pads do not use PRNG's.
>

The criterion for a one time pad is that the entropy in matches the
ciphertext length so there is an equal probability of any possible
plaintext mapping to any possible ciphertext.

Since every physical implementation of a random number generator has bias,
it is necessary to perform conditioning of the random seed before use and
this may be either a hash or a PRNG.


So using an OTP in practice does involve a PRNG which in turn means that the
practical system is not theoretically secure. Not using a PRNG makes the
system theoretically secure but insecure in practice.

Theoretically secure but insecure in practice also applies to quantum
cryptography.




-- 
Website: http://hallambaker.com/
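
Added illustration, not part of the original message: a simulated source with a constructed 0.75 bias toward 1 is used as a pad, first raw and then after SHA-256 conditioning, and the fraction of plaintext bits an observer recovers from ciphertext alone is measured. The source model, block size and all function names are assumptions made for this example.

```python
import hashlib
import math
import random

P_ONE = 0.75     # constructed bias: the simulated source emits 1 with probability 0.75
RAW_BLOCK = 128  # raw bytes hashed for each 32-byte block of conditioned output

def biased_bytes(n, rng):
    """Simulated physical source (constructed): every bit is 1 with probability P_ONE."""
    out = bytearray()
    for _ in range(n):
        b = 0
        for _ in range(8):
            b = (b << 1) | (rng.random() < P_ONE)
        out.append(b)
    return bytes(out)

def min_entropy_per_bit(p_one):
    """Min-entropy of one output bit of a source with the given bias."""
    return -math.log2(max(p_one, 1 - p_one))

def conditioned_pad(n, rng):
    """Hash conditioning: each SHA-256 call consumes more min-entropy than it emits."""
    assert RAW_BLOCK * 8 * min_entropy_per_bit(P_ONE) >= 256
    out = b""
    while len(out) < n:
        out += hashlib.sha256(biased_bytes(RAW_BLOCK, rng)).digest()
    return out[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def guess_accuracy(plaintext, ciphertext):
    """Fraction of plaintext bits recovered by guessing that every ciphertext bit was flipped."""
    guess = bytes(c ^ 0xFF for c in ciphertext)
    wrong = sum(bin(g ^ p).count("1") for g, p in zip(guess, plaintext))
    return 1 - wrong / (8 * len(plaintext))

def demo(seed=2014):
    rng = random.Random(seed)  # stands in for the physical source; simulation only
    plaintext = bytes(rng.randrange(256) for _ in range(4096))  # constructed message
    raw = guess_accuracy(plaintext, xor(plaintext, biased_bytes(len(plaintext), rng)))
    cond = guess_accuracy(plaintext, xor(plaintext, conditioned_pad(len(plaintext), rng)))
    return raw, cond

if __name__ == "__main__":
    raw, cond = demo()
    print(f"raw biased pad:  {raw:.3f} of plaintext bits guessed")
    print(f"conditioned pad: {cond:.3f} of plaintext bits guessed")
```

The conditioned pad removes the measurable bias, but its security now rests on the hash function as well as the source, so it is no longer the information-theoretic guarantee of an ideal pad.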
