[Cryptography] [RNG] on RNGs, VM state, rollback, etc.
Kent Borg
kentborg at borg.org
Tue Oct 22 07:48:47 EDT 2013
On 10/21/2013 06:24 PM, Bill Stewart wrote:
> At 12:35 PM 10/21/2013, Jerry Leichter wrote:
>> Real-world cryptanalysis [can] break OTP.
>
> Real-world cryptanalysis can't break mathematical-cryptography OTP.
> But real-world cryptography can use sometimes-more-than-One-Time Pads,
> and not-independent-identically-distributed random pads, and
> not-destroyed-after-use pads, and real-world cryptanalysis can
> sometimes break those.
And the system boundaries matter: OTP itself cannot be broken. Period.
AES-256 itself (maybe) cannot be broken before the universe dies.
However *both* are vulnerable if used insecurely in a larger system.
And OTP has particularly large practical problems.
But it is still worth understanding the properties of such primitives.
As it is worth talking about the properties of a larger system built out
of them. And *that* system in turn might be used in an insecure way by
the still larger system that is built from it.
Saying "everything can be broken" because at some point someone will
make a mistake isn't very useful. At various points it *is* possible to
have security and one should understand those details so we can better
avoid the "someone will make a mistake" boo-boo.
My point: RNGs are still worth talking about, even in isolation,
everybody quit saying "oh, there is no point, every system can be broken".
-kb
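The boundary point above, as an added illustration that is not part of the post: a toy pad generator (constructed, not a real CSPRNG) stands in for a guest's RNG state, and a simulated snapshot restore rewinds it so the "one-time" pad is issued twice. The OTP primitive itself stays perfectly secret (any equal-length plaintext is consistent with a ciphertext), but the larger system's pad reuse lets c1 XOR c2 cancel the pad. Names such as PadSource and pad_reuse_demo are assumptions of this example.

```python
import hashlib

# Constructed sample messages of equal length (an OTP needs a pad at least as long).
M1 = b"attack at dawn, gate 3"
M2 = b"retreat at dusk, hill7"


class PadSource:
    """Toy deterministic pad generator standing in for a VM guest's RNG state.
    Constructed for illustration only; not a real CSPRNG."""
    def __init__(self, seed: bytes):
        self.seed = seed
        self.counter = 0

    def next_pad(self, n: int) -> bytes:
        out = b""
        while len(out) < n:
            out += hashlib.sha256(self.seed + self.counter.to_bytes(8, "big")).digest()
            self.counter += 1
        return out[:n]

    def snapshot(self) -> int:
        return self.counter          # what a VM snapshot captures

    def restore(self, snap: int) -> None:
        self.counter = snap          # rollback: the RNG state rewinds with the guest


def xor_bytes(a: bytes, b: bytes) -> bytes:
    assert len(a) == len(b)
    return bytes(x ^ y for x, y in zip(a, b))


def pad_reuse_demo(rollback: bool) -> dict:
    rng = PadSource(b"constructed-seed")
    snap = rng.snapshot()
    pad1 = rng.next_pad(len(M1))
    if rollback:
        rng.restore(snap)            # guest restored from snapshot after sending c1
    pad2 = rng.next_pad(len(M2))
    c1, c2 = xor_bytes(M1, pad1), xor_bytes(M2, pad2)
    # An observer sees c1 and c2 and happens to know M1; the pads are never exposed.
    recovered = xor_bytes(xor_bytes(c1, c2), M1)   # equals M2 exactly when pad1 == pad2
    return {"pads_equal": pad1 == pad2, "recovered": recovered}


def consistent_pad(ciphertext: bytes, candidate: bytes) -> bytes:
    """Perfect secrecy of a fresh pad: for any equal-length candidate plaintext
    there is a pad that maps it to the observed ciphertext, so c reveals nothing."""
    return xor_bytes(ciphertext, candidate)
```

With rollback=False the recovered bytes are just M2 masked by two unrelated pads, which is why the isolated primitive is fine and the snapshot-restoring system is not.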