Re: Simple but mathematically valid encryption

To: <realbasic-nug at lists dot realsoftware dot com>
Subject: Re: Simple but mathematically valid encryption
From: "Daniel L. Taylor" <dtaylor at taylor-design dot com>
Date: Thu, 30 Dec 2004 14:30:49 -0800
Delivered-to: realbasic-nug at lists dot realsoftware dot com
Organization: Taylor Design
References: <20041230213934 dot 081C36284FD at lists dot realsoftware dot com>
What is a one-time pad?

A system whereby you combine data characters with random characters to produce an encrypted message. There is a random character (or byte) for every character of data. The recipient knows the random characters you used, and can therefore decode the message. The system is only secure if:

* The "pad" of random characters is secret to you and the recipient.
* The pad is never, ever used again.
* The random characters are truly random with each new pad. Poorly implemented random number generators won't work.

This system can literally be used with pen and paper, and was often in the earlier part of this century. Hence the idea of a "one time pad". Two pads with identical pages of random characters are produced. Sender uses a page, burns it, and sends the message to the recipient who burns his page after decryption.

The system is secure because there's no way to know the right key. A key that produces a properly formatted but factually wrong message is just as likely as the key that produces the right message. Given the same encrypted message, "attack at dawn" and "attack at noon" would both be valid messages with different keys. Both are formatted correctly, but there's no way to determine which is actually correct. This is true of any linguistically correct phrase of 14 characters (in this case).

However, a failure of any of the conditions makes this system trivial to break. There was a famous case where the U.S. decoded thousands of Soviet messages because the Soviets were reusing pads. Any scheme whereby the "pad" is determined from other information at runtime is insecure.

It's a good system that's logistically difficult to support. If you're trying to send nuclear launch codes to submarine captains with pads locked in a safe, this is the system to use. If you're trying to encrypt 10 MB files, this probably isn't the system.

Daniel L. Taylor
Owner, Taylor Design
Computer Consulting & Software Development
help at taylor-design dot com
www.taylor-design.com
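The three points in the message above (one random byte per data byte, any same-length plaintext being equally consistent with a ciphertext, and pad reuse cancelling the pad out) in working code. This is an added example and not code from the post or from REALbasic; it assumes the data and pad characters are combined byte-wise with XOR, which the post does not specify, and the pad comes from the OS CSPRNG via Python's `secrets` module.

```python
import secrets


def generate_pad(length: int) -> bytes:
    """A fresh pad from the OS CSPRNG: one random byte per plaintext byte.

    This is the 'truly random, never reused' pad the post requires; a seeded
    PRNG or a pad derived from other data at runtime would not qualify.
    """
    return secrets.token_bytes(length)


def otp(data: bytes, pad: bytes) -> bytes:
    """Combine each data byte with its pad byte using XOR.

    XOR is its own inverse, so the same function both encrypts and decrypts.
    Only the first len(data) pad bytes are consumed.
    """
    if len(pad) < len(data):
        raise ValueError("pad must be at least as long as the data")
    return bytes(d ^ k for d, k in zip(data, pad))


def pad_for(ciphertext: bytes, claimed_plaintext: bytes) -> bytes:
    """Return the pad that would decrypt `ciphertext` to `claimed_plaintext`.

    Such a pad exists for every plaintext of the same length, which is why the
    ciphertext alone cannot distinguish 'attack at dawn' from 'attack at noon'.
    """
    if len(claimed_plaintext) != len(ciphertext):
        raise ValueError("a candidate plaintext must match the ciphertext length")
    return otp(ciphertext, claimed_plaintext)


def pad_reuse_leak(ciphertext1: bytes, ciphertext2: bytes) -> bytes:
    """Show what a reused pad exposes.

    If both ciphertexts were made with the same pad, XORing them cancels the
    pad and leaves plaintext1 XOR plaintext2: the secrecy no longer depends on
    the pad at all. This is the failure behind the reused-pad case in the post.
    """
    return otp(ciphertext1, ciphertext2)


def demo() -> dict:
    """Run the three demonstrations on constructed sample messages."""
    message = b"attack at dawn"           # constructed 14-character sample
    pad = generate_pad(len(message))
    ciphertext = otp(message, pad)

    # 1. The holder of the pad recovers the message.
    round_trip = otp(ciphertext, pad)

    # 2. A different, equally well-formed 14-character message is consistent
    #    with the very same ciphertext under a different pad.
    alternative = b"attack at noon"
    alternative_pad = pad_for(ciphertext, alternative)
    alternative_decrypt = otp(ciphertext, alternative_pad)

    # 3. Reusing the pad for a second message leaks the XOR of the plaintexts.
    second_message = b"hold position!"    # constructed, also 14 bytes
    second_ciphertext = otp(second_message, pad)
    leak = pad_reuse_leak(ciphertext, second_ciphertext)

    return {
        "round_trip_ok": round_trip == message,
        "alternative_ok": alternative_decrypt == alternative,
        "reuse_leaks_plaintext_xor": leak == otp(message, second_message),
    }


if __name__ == "__main__":
    print(demo())
```

`pad_for` is the point of the post's "attack at dawn" versus "attack at noon" argument: for a fixed ciphertext, every candidate plaintext of the right length has a pad that produces it, so nothing in the ciphertext favours one over another. `pad_reuse_leak` shows why condition two matters: the pad drops out the moment it is used twice.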

