[Cryptography] crypto hygiene for keys, pads, et cetera
John Denker
jsd at av8n.com
Sat Dec 12 14:06:55 EST 2015
On 12/04/2015 08:35 AM, Henry Baker wrote:
> Dear Mr. Comey, Mr. Vance, Ms. May, et al:
>
> The one-time pad is approximately 100 years old,
> and provides perfect secrecy

In a sense that's entirely true, but in another sense it is profoundly
wrong.

> (so long as you don't reuse the key material).

That's an important proviso, but not the only proviso. Much depends
on details of the threat model.
 -- Stand-off attacks against the communication channel only?
 -- Attacks that capture the pad (and the user)?

> Here's the program [....]

Here's problem #1: If you were to use that program "as-is", it would
flunk the silk-or-cyanide test. It implements the encode and decode
functionality, but fails to implement the /one-time/ property.

Here's problem #2: It is quite nontrivial to fix problem #1.

As the saying goes, encryption is easy, but security is hard. The
XOR program is fine if all you need is encryption/decryption, but
it is vastly harder to implement a true OTP system that ensures
that the pad is used only once.

Here is a discussion of what can go wrong ... plus some possibly-
constructive suggestions on how to obliterate information stored
on flash memory chips.
  https://www.av8n.com/security/private-data-storage.htm

=============================

On 12/11/2015 10:03 AM, Henry Baker wrote:

> I'm going to be giving a technical talk on
> crypto to non-crypto people. [....] Any advice?

I would start with the point mentioned above: Encryption is easy,
but security is hard. Real security depends on mathematics, physics,
electrical engineering, computer programming, human factors, et cetera.
This should be flattering to the multidisciplinary audience.

> Diffie Hellman

For a general audience, one might consider presenting Merkle Puzzles
rather than full-blown DH. It requires a lot less mathematics.
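
An added sketch, not part of the original post or of the program it quotes: the bookkeeping half of the one-time property discussed above (each pad byte is handed out at most once), next to what a bare XOR routine permits when pad bytes are used twice. All class and function names are hypothetical, the pad contents are constructed sample data, and the sketch makes no attempt to obliterate used pad material from storage.

```python
import os

class PadExhausted(Exception):
    """Raised instead of ever handing out a pad byte a second time."""

class OneTimePad:
    def __init__(self, material):
        self._pad = bytearray(material)
        self.next = 0  # offset of the first pad byte not yet handed out

    def take(self, n):
        if n > len(self._pad) - self.next:
            raise PadExhausted("not enough unused pad left")
        start, self.next = self.next, self.next + n  # advance first
        key = bytes(self._pad[start:start + n])
        self._pad[start:start + n] = bytes(n)  # zero the in-memory copy only
        return start, key

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(pad, plaintext):
    offset, key = pad.take(len(plaintext))
    return offset, xor(plaintext, key)

def decrypt(pad, offset, ciphertext):
    if offset != pad.next:
        raise ValueError("pad offset out of sync with sender")
    return xor(ciphertext, pad.take(len(ciphertext))[1])

def reuse_leak(pad_bytes, p1, p2):
    """Bare XOR with the same pad bytes twice: the pad cancels out."""
    c1, c2 = xor(p1, pad_bytes), xor(p2, pad_bytes)
    return xor(c1, c2)  # equals xor(p1, p2), no pad needed

if __name__ == "__main__":
    material = os.urandom(64)  # constructed sample pad
    sender, receiver = OneTimePad(material), OneTimePad(material)
    off, ct = encrypt(sender, b"attack at dawn")
    print(decrypt(receiver, off, ct))
    print(reuse_leak(material, b"AAAA", b"AAAB"))
```
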